From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 8 Jul 2018 20:28:49 +0100
Message-ID: <CAKDRQS4Jsb9fkrK8G5+x4ApcdFtmEoBYgOviA9eMCFQ4389rEg@mail.gmail.com>
References: <m236xe5vo2.fsf@mobilecat.lan>
	<eba313cf-104d-50dd-f1cd-4acb15864c0f@cs.ucla.edu>
	<83o9g2uhju.fsf@gnu.org>
	<20180705115826.73c1d95e@jabberwock.cb.piermont.com>
	<E1fbCz5-00088E-Cg@fencepost.gnu.org>
	<CAKDRQS68xcs74s3afKTYgnQQYC1URhK6AAw=zGMSACGJbPU1Fw@mail.gmail.com>
	<878t6lom8g.fsf@mouse.gnus.org>
	<CAKDRQS4bX_dTnzvWoj5mNJC3=__jUoNGp4r+uygao+V0qks=5A@mail.gmail.com>
	<87pnzxn4kw.fsf@mouse.gnus.org>
	<CAKDRQS4PkF+wgW=X4F+F+=xvn_fXXt7i99e9v-idb5ch4XW1TQ@mail.gmail.com>
	<87fu0tmxfs.fsf@mouse.gnus.org>
	<CAKDRQS6M5xryMFw4hmob-eVyhZp9KgDsW53VPfyF1Qsugfw4vQ@mail.gmail.com>
	<87tvp9lgc4.fsf@mouse.gnus.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Trace: blaine.gmane.org 1531078070 3679 195.159.176.226 (8 Jul 2018 19:27:50 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sun, 8 Jul 2018 19:27:50 +0000 (UTC)
Cc: Emacs-Devel devel <emacs-devel@gnu.org>
To: Lars Ingebrigtsen <larsi@gnus.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Jul 08 21:27:46 2018
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fcFLV-0000rk-QA
	for ged-emacs-devel@m.gmane.org; Sun, 08 Jul 2018 21:27:45 +0200
Original-Received: from localhost ([::1]:38015 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fcFNd-0002T8-1P
	for ged-emacs-devel@m.gmane.org; Sun, 08 Jul 2018 15:29:57 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:47670)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <wyuenho@gmail.com>) id 1fcFMp-0002Os-DX
	for emacs-devel@gnu.org; Sun, 08 Jul 2018 15:29:09 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <wyuenho@gmail.com>) id 1fcFMk-0006b8-UI
	for emacs-devel@gnu.org; Sun, 08 Jul 2018 15:29:07 -0400
Original-Received: from mail-it0-x230.google.com ([2607:f8b0:4001:c0b::230]:36700)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <wyuenho@gmail.com>) id 1fcFMk-0006ar-OL
	for emacs-devel@gnu.org; Sun, 08 Jul 2018 15:29:02 -0400
Original-Received: by mail-it0-x230.google.com with SMTP id j185-v6so23373915ite.1
	for <emacs-devel@gnu.org>; Sun, 08 Jul 2018 12:29:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=mime-version:references:in-reply-to:from:date:message-id:subject:to
	:cc; bh=hlisXIhaDyYXGgYOaH0vU2XFU2bIIfk/LxXggaA1bno=;
	b=txvlKg/HQrY4D1NyqcwdyJ3LBfTcP+wx2zR6ZiSE069dRWqXOonoHqo4WB9zeeIZTP
	usVvY6JwZPbaio3GrlD3QCQNHbw5LsUfoCMPCTOjgSTUlZmz0qxIMolB27Rm19vqM+6w
	+NAeEDVC2vcofQSmV5yT6XgyvjkwKOV/kJav7RGyx48+oMUkKnqxZM5vwssOFZwO/WAT
	+ziFnUHhAft97qtLgokK9rAhbGlKW3hFLQjh7vM9IcXUBdeppQdsCp3xV/7Umz/ZUOlp
	Wea4g500bmFDtAT+ec6tH6yeKETp6vDouKCK7B59+YSZRSw7lwcP6qML5pFEKwcctZPo
	PXgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:cc;
	bh=hlisXIhaDyYXGgYOaH0vU2XFU2bIIfk/LxXggaA1bno=;
	b=uXw+wGMoqJjF7AoeovQYofoosP7ZYY/LaEh6lshg3DBysCRKIJFs8CPW1LeREVTB0p
	gxiSbe0+qlkG97ifw+M5ExSHvfA418zZtk4CZfLjbtbpn7AFv9pQmQKI50veX8lmjVzI
	mgSSbUwpfFWwTj2l3wmXyy71CZPQB8I1DQohA+65hKT9GXklJyQX6lSsPUi2BdRnTznZ
	ifQZArjEvLT8trj4MW1oaGM4KSBtNgj+WNN1yi1kocCvwBxJGsdeWiuKJErDCXcmZ3B7
	l93InFLXk4r++LR9MJ4aJyWj1vJHz8U7BW5ecgkD+qq67z6ElK+gOHbP5nHWuvkaXlCq
	Ya4w==
X-Gm-Message-State: APt69E1NfXsuqHlOwPph3lFEi/zlUQd7TU5HBFQn7WP8GK055NiHTgTj
	0isKiFQ1EdiWCu8yzPEaxBhpYVwKSwNY4TdZARc=
X-Google-Smtp-Source: AAOMgpd2wf5skF3xaIBaOkV+1ZKLaFe3NgSJPdvvGdURQkse9Qp0U83uu6FNRYI/VptyNhv9mQSp9BczPVWCOd+Z0Y8=
X-Received: by 2002:a02:1e08:: with SMTP id m8-v6mr15378387jad.8.1531078141996;
	Sun, 08 Jul 2018 12:29:01 -0700 (PDT)
In-Reply-To: <87tvp9lgc4.fsf@mouse.gnus.org>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:4001:c0b::230
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:227133
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/227133>

On Sun, Jul 8, 2018 at 7:42 PM Lars Ingebrigtsen <larsi@gnus.org> wrote:
>
> Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
>
> > I'll reply to the problem with setting gnutls-algorithm-priority to
> > LEGACY in other email.
>
> Well, I'm not really advocating that.  It's a bit too much hubris.  :-)
> Nobody's perfect, and the default NORMAL gnutls-algorithm-priority is
> fine by me, even if it means a less-than-perfect UI and user experience.
>

But you could advocate that, I don't object to that :). You can just
copy this bit of code[1] and do a few adjustments in the checks to
avoid too much nagging if the user specifically listed he wants RC4 to
be enabled.

https://www.gnutls.org/manual/gnutls.html#Listing-the-ciphersuites-in-a-priority-string

> > That is correct, for consistency's sake. Since we'e decided on a
> > default NORMAL:%DUMB_FW priority string, which means let the GnuTLS
> > version you've built Emacs with to decide what cipher suites to allow,
> > it follows that we should also default `gnutls-min-prime-bits` to nil,
> > which also lets GnuTLS decide.
>
> We could, but we know that we handle that bit well on our own in the
> NSM, so I don't see the point.
>

As I said, it's a UI issue. You are confusing people when what they
specify do not match expectation. When I specify a lower bound, that's
me saying I don't want NSM to nag me about it.