From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Lars Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 08 Jul 2018 17:13:19 +0200
Message-ID: <87pnzxn4kw.fsf@mouse.gnus.org>
References: <m236xe5vo2.fsf@mobilecat.lan>
	<eba313cf-104d-50dd-f1cd-4acb15864c0f@cs.ucla.edu>
	<83o9g2uhju.fsf@gnu.org>
	<20180705115826.73c1d95e@jabberwock.cb.piermont.com>
	<E1fbCz5-00088E-Cg@fencepost.gnu.org>
	<CAKDRQS68xcs74s3afKTYgnQQYC1URhK6AAw=zGMSACGJbPU1Fw@mail.gmail.com>
	<878t6lom8g.fsf@mouse.gnus.org>
	<CAKDRQS4bX_dTnzvWoj5mNJC3=__jUoNGp4r+uygao+V0qks=5A@mail.gmail.com>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: blaine.gmane.org 1531062722 2528 195.159.176.226 (8 Jul 2018 15:12:02 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sun, 8 Jul 2018 15:12:02 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
Cc: Emacs-Devel devel <emacs-devel@gnu.org>
To: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Jul 08 17:11:58 2018
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fcBLy-0000VP-8s
	for ged-emacs-devel@m.gmane.org; Sun, 08 Jul 2018 17:11:58 +0200
Original-Received: from localhost ([::1]:37291 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fcBO3-0002YZ-C9
	for ged-emacs-devel@m.gmane.org; Sun, 08 Jul 2018 11:14:07 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:53019)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1fcBNP-0002YM-3i
	for emacs-devel@gnu.org; Sun, 08 Jul 2018 11:13:28 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1fcBNL-0004W8-TB
	for emacs-devel@gnu.org; Sun, 08 Jul 2018 11:13:27 -0400
Original-Received: from hermes.netfonds.no ([80.91.224.195]:35134)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <larsi@gnus.org>) id 1fcBNL-0004VY-KX
	for emacs-devel@gnu.org; Sun, 08 Jul 2018 11:13:23 -0400
Original-Received: from cm-84.212.221.165.getinternet.no ([84.212.221.165] helo=marnie)
	by hermes.netfonds.no with esmtpsa
	(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2)
	(envelope-from <larsi@gnus.org>)
	id 1fcBNH-0006se-Ov; Sun, 08 Jul 2018 17:13:21 +0200
In-Reply-To: <CAKDRQS4bX_dTnzvWoj5mNJC3=__jUoNGp4r+uygao+V0qks=5A@mail.gmail.com>
	(Jimmy Yuen Ho Wong's message of "Sun, 8 Jul 2018 15:54:24 +0100")
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
	[fuzzy]
X-Received-From: 80.91.224.195
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:227107
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/227107>

Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:

> I still haven't heard of a "good reason" yet.

It's been stated in this thread that somebody uses it and finds it
useful, and I think that's sufficient.

>> But, yes, as Eli says, `paranoid' should perhaps do more for non-TLS
>> connections.  The question is "what", though, because there's no
>> fingerprint (beyond the host/port number) that we can use to verify
>> that a non-TLS connection is to a previously seen host.
>
> Exactly. NSM can only warn you if you are establishing a cleartext
> connection, nothing else can be done.

Well...  It could just do the host/port number thing and say "you've
never connected to this host before".  It's not much (considering how
easy it is to spoof DNS), but it's not nothing either.

> That's true, but there's still no reason to default
> `gnutls-min-prime-bits` to 256. If that's the default, presumably
> checking for DH prime bits > 1024 is a bug as NSM should let 256-bit
> DH prime go through.

No?  We let gnutls always establish the connection, no matter how sucky,
and then we ask the user about it.  That's the whole idea behind the
NSM.

And setting gnutls-min-prime-bits to 256 has no adverse effects, since
(contrary to what you've said several times in this thread), the TLS
connection will use as many prime bits that the server offers,
apparently.

> BTW, this bahavior pretty much we can default `gnutls-min-prime-bits`
> to nil with no problem at all as we haven't seen any bug complaining
> about NSM checking for DH prime bits > 1024 being too strict.

I don't think we would get a bug report for that.  People deal with
"broken" web site TLS all the time, and there'll be an abundance of them
over the next years.  That's what the NSM is for, and that's not
something users will complain about.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no