From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 14 Jul 2018 18:18:52 +0100
Message-ID: <CAKDRQS6tZgvy9htBiLaGCHwJU24tjz=-jp5QoUtb8=6q6fYpbA@mail.gmail.com>
References: <m236xe5vo2.fsf@mobilecat.lan>
	<eba313cf-104d-50dd-f1cd-4acb15864c0f@cs.ucla.edu>
	<83o9g2uhju.fsf@gnu.org>
	<20180705115826.73c1d95e@jabberwock.cb.piermont.com>
	<E1fbCz5-00088E-Cg@fencepost.gnu.org>
	<CAKDRQS68xcs74s3afKTYgnQQYC1URhK6AAw=zGMSACGJbPU1Fw@mail.gmail.com>
	<83a7r4n5ht.fsf@gnu.org> <87lgaoaf2f.fsf@gmail.com>
	<CAKDRQS4iSG+vO2KXyVVWFCxoFfvNCPUO6ziOGBFGt6Zu=KOsgg@mail.gmail.com>
	<877em7o09z.fsf@gmail.com>
	<CAKDRQS7HMCuynM6hpM9wDOEzkqqyimiYGjTsFYeHAkNCdv5QiQ@mail.gmail.com>
	<36wu7mba.fsf@lifelogs.com>
	<de42a033-c9c6-be12-35f0-ea6fc2d4f92f@cs.ucla.edu>
	<CAKDRQS69AFBtKMbEG=HhvEx1gRXuTy5G0AACQ8RetxrwmZftfg@mail.gmail.com>
	<o9fg57ln.fsf@lifelogs.com>
	<CAKDRQS4hN4x3ssMeci7-YLiFe7bqg6BEViein_nQUiH6a_AFqw@mail.gmail.com>
	<83wou3ey46.fsf@gnu.org>
	<CAKDRQS6H5UZ1Y=J15Pb0Y=4QU+YgnUWu+kE=ErcjiMsSm9nU7g@mail.gmail.com>
	<83va9mgbop.fsf@gnu.org>
	<CAKDRQS5Yfe9omiiL=xtjoogJ-9Fq_EHOZgKHP+FeuJ4f6uui+g@mail.gmail.com>
	<83va9ib9wt.fsf@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Trace: blaine.gmane.org 1531589819 27820 195.159.176.226 (14 Jul 2018 17:36:59 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sat, 14 Jul 2018 17:36:59 +0000 (UTC)
Cc: Paul Eggert <eggert@cs.ucla.edu>, rms@gnu.org,
	Ted Zlatanov <tzz@lifelogs.com>, "Perry E. Metzger" <perry@piermont.com>,
	Lars Ingebrigtsen <larsi@gnus.org>, Emacs-Devel devel <emacs-devel@gnu.org>
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Jul 14 19:36:54 2018
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1feOTT-00075U-GZ
	for ged-emacs-devel@m.gmane.org; Sat, 14 Jul 2018 19:36:51 +0200
Original-Received: from localhost ([::1]:42227 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1feOVa-0003tG-4Q
	for ged-emacs-devel@m.gmane.org; Sat, 14 Jul 2018 13:39:02 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:38935)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <wyuenho@gmail.com>) id 1feOCY-0007uh-O7
	for emacs-devel@gnu.org; Sat, 14 Jul 2018 13:19:26 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <wyuenho@gmail.com>) id 1feOCV-0007Ay-6P
	for emacs-devel@gnu.org; Sat, 14 Jul 2018 13:19:22 -0400
Original-Received: from mail-io0-x22f.google.com ([2607:f8b0:4001:c06::22f]:40239)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <wyuenho@gmail.com>)
	id 1feOCM-00074g-DL; Sat, 14 Jul 2018 13:19:10 -0400
Original-Received: by mail-io0-x22f.google.com with SMTP id l14-v6so24055522iob.7;
	Sat, 14 Jul 2018 10:19:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=mime-version:references:in-reply-to:from:date:message-id:subject:to
	:cc; bh=C4COpnHpuTf+VT4IxlF3o4bftPUm+DpTSXrB7Y0wSEo=;
	b=QWq8C3xYTnD4C1DWxdUMHV0wxpDDwB0VS1+vyTzG4TeDLmOuQbw4EwN0Mz3nAEH+2j
	i4wWQyz+OwVqYhJ0/6tjFzTmTCH1/lFwcP/F2JzbpauKfKKb63CwIehZewyw4rwtIX/k
	JRTbwyImrieDIx7FXmeqLtI3biTqRIU0eL3b9+6J4/V88sxb45GYwpT/TCVw3eIj9Uot
	gVGPqnsQWTjycFgcCY8/8UgYHxrKGc9oRrm+uThnqpYlaq+ZRbI6WFwdElvxXNXxtGrb
	GxAoU8voBsvMgp2C/amf2p3jEKnogNwcISQAraBToOjdHE24YkpgLiBKoCVXoMD6hSbR
	fCGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:cc;
	bh=C4COpnHpuTf+VT4IxlF3o4bftPUm+DpTSXrB7Y0wSEo=;
	b=B6e1syVLFvSkMR6IdkfHYkXsXWMyTM6YnK1TP+1DKwJHkHPoc8agUP7B8WomyK61Bj
	FYuZnl3uTyu/P1kztl6oQ/o+UGqEv/uF3bdnrb1XcSYWWQHRfTE1hIMcRBxXOYqp7nqS
	puDVwQZAhPNmLyo/cBkt0MeE2JIDLG3LnsnWdknEwus0wNRMPhTPh+IrnzAWbzZoMrBi
	cRDso6pcKSPDtfRT5aMrxztKNSjT5b3xju3S42rEKyI0JFbivYtd0op1/tJr8ysR3QGp
	M0e/qnnDlIGYzM/4FXP+DJkdIT08MW1pTom95T1fMlkfzfHvaIoB/KAR+qPa0dfLNqYr
	hP/w==
X-Gm-Message-State: AOUpUlEMPZxy+2X5tGx6XurznKBxVPJYn/cs50Ivm9JtrmQRAbcKxno4
	lTTe/0VTOrlAs9Sm74jQZDF8IgU/lu8yzMbabSUqhTgf
X-Google-Smtp-Source: AAOMgperXcVL4AlxBNG1U/IjgNGNdfIPrhGph3pgdxAlyTv5TQQsu0Nmf/LUdOgHhizZLom52acsoJATlJ2aggKNlaI=
X-Received: by 2002:a6b:c5c6:: with SMTP id
	v189-v6mr9203426iof.167.1531588749226; 
	Sat, 14 Jul 2018 10:19:09 -0700 (PDT)
In-Reply-To: <83va9ib9wt.fsf@gnu.org>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:4001:c06::22f
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:227410
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/227410>

Hi All,

I've just pushed a "netsec" branch to Savannah. Here's a summary of the changes:

* Ability to specify a bunch of CRL PEM files on your system for
GnuTLS to verify against
* Set the standard value of `gnutls-min-prime-bits` to nil so GnuTLS
can do its thing using its own default
* Completely revamped NSM checks - many new checks and bug fixes,
please see the commit diff for details
* New `nsm-trust-local-network` option to bypass implicitly trusted
NSM checks on local networks
* Revamped NSM prompt - full certificate chain details now available,
summary is also more useful now

Planned TODOs:

* OCSP
* Update NEWS and the manual

Please help me test the **** of out this branch with all kinds of
networks, OSes and servers.

Thank you so much!
On Sat, Jul 14, 2018 at 7:37 AM Eli Zaretskii <eliz@gnu.org> wrote:
>
> > From: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
> > Date: Fri, 13 Jul 2018 21:50:41 +0100
> > Cc: Ted Zlatanov <tzz@lifelogs.com>, Paul Eggert <eggert@cs.ucla.edu>, rms@gnu.org,
> >       "Perry E. Metzger" <perry@piermont.com>, Lars Ingebrigtsen <larsi@gnus.org>,
> >       Emacs-Devel devel <emacs-devel@gnu.org>
> >
> > Just got confirmation that my paperwork had been signed by all
> > parties. Set me up?
>
> Yes, your name i now on file.  But I see you didn't request membership
> in the emacs project, or maybe I don't recognize your user name among
> those who did.  You need to request membership, and then I can approve
> you, which gives you write access to the repository.
>