* GnuTLS/TLS proposals for after the release
@ 2016-07-05 21:26 Ted Zlatanov
  2016-07-06  0:32 ` John Wiegley
  2016-07-20 12:04 ` Lars Ingebrigtsen
  0 siblings, 2 replies; 34+ messages in thread
From: Ted Zlatanov @ 2016-07-05 21:26 UTC (permalink / raw)
  To: emacs-devel

Here are some thoughts about the near future of gnutls.el and friends
(none urgently needed for the release):

1) Proposal: after the 25.1 release, opening a secure network connection
without `gnutls-available-p' should be an annoying warning. The
alternative (tls.el) is less secure and IMHO should be discouraged.

2) I am concerned that SSLv3 is explicitly in the tls.el defaults. See
http://disablessl3.com/ for why, no need to write up all the reasons
here. I propose to cut those lines out.

3) refactor gnutls.el a bit to support per-host settings more easily:
`gnutls-algorithm-priority', `gnutls-verify-error', `gnutls-trustfiles',
and `gnutls-min-prime-bits' all have different kinds of customizations.
For instance `gnutls-verify-error' can be global or per host regex,
while `gnutls-trustfiles' can be a function. This mish-mash reflects the
staggered work on that library over the years.

I propose a single variable, `gnutls-settings', which can be set per host
regex or globally, and which can contain an alist or plist specifying
each of the settings above as a string/string list or as a function.
Basically a unified view of all GnuTLS-related connectivity settings
instead of scattering them over several variables. I think in Customize
that will look nicer and more friendly, plus the code will be simplified.

If proposal 3 is accepted, the old variables will be accepted for some
time, deprecated later, and finally killed off. It won't be a sudden
transition.

Thanks
Ted
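
As an added illustration of how the unified `gnutls-settings' from proposal 3 could be resolved for a given host (example code written here, not from Ted's message and not from Emacs's gnutls.el; the variable shape, the names `gnutls--setting' and `gnutls--settings-for-host', and the sample hosts are assumptions):

```elisp
(require 'seq)

;; Assumed shape of the unified variable (not the real gnutls.el API):
;; a list of (HOST-REGEXP . PLIST) entries, with the symbol t as the
;; global fallback.  A plist value may be a string, a list of strings,
;; or a function of one argument (the host) returning the value.
(defvar gnutls-settings
  '(("\\`mail\\.example\\.com\\'"
     . (:trustfiles (lambda (host) (list (concat "~/.certs/" host ".pem")))
        :verify-error (:trustfiles :hostname)))
    ("\\`legacy\\.example\\.org\\'"
     . (:verify-error nil))
    (t
     . (:algorithm-priority "NORMAL"
        :verify-error t
        :trustfiles ("/etc/ssl/certs/ca-certificates.crt")
        :min-prime-bits 2048)))
  "Constructed sample: host-specific entries first, global t entry last.")

(defun gnutls--setting (host key)
  "Resolve KEY for HOST from `gnutls-settings'.
Host-specific entries are tried in list order, then the global t entry.
The first entry that actually contains KEY wins, so an explicit nil
\(e.g. :verify-error nil) is honoured rather than skipped.  A function
value is called with HOST."
  (let* ((specific (seq-filter (lambda (e)
                                 (and (stringp (car e))
                                      (string-match-p (car e) host)))
                               gnutls-settings))
         (global (assq t gnutls-settings))
         (value (catch 'found
                  (dolist (entry (append specific (and global (list global))))
                    (when (plist-member (cdr entry) key)
                      (throw 'found (plist-get (cdr entry) key))))
                  nil)))
    (if (functionp value) (funcall value host) value)))

(defun gnutls--settings-for-host (host)
  "Return the four GnuTLS settings for HOST as a single plist."
  (let (result)
    (dolist (key '(:algorithm-priority :verify-error
                   :trustfiles :min-prime-bits))
      (setq result (plist-put result key (gnutls--setting host key))))
    result))

;; Usage:
;; (gnutls--settings-for-host "mail.example.com")
;; (gnutls--setting "legacy.example.org" :verify-error)
```

With this shape, `gnutls--settings-for-host' gives the single unified view the proposal describes, while `gnutls--setting' is the only place that knows about per-host regexps and function-valued entries.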