From: Paul Eggert
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Fri, 22 Jun 2018 15:43:35 -0700
Organization: UCLA Computer Science Department
To: Jimmy Yuen Ho Wong, emacs-devel@gnu.org
Cc: Lars Magne Ingebrigtsen

On 06/22/2018 03:00 PM, Jimmy Yuen Ho Wong wrote:

> 1. Can we update the default network security settings?

Yes, I would think so, in the master branch. As you say, the current defaults are inappropriate for today's users.

> 2. Now that `starttls.el` and `tls.el` are obsolete, and GnuTLS doesn't
> seem to be doing a very good job, can we link to something better
> maintained, such as OpenSSL/LibreSSL/BoringSSL/NSS?

I would think the answer to that could be "yes" too. Despite its name, GnuTLS is no longer GNU code, and we're under no obligation to promote it. However, this would take some work. We'd surely want the option to link to either GnuTLS or OpenSSL/etc.

> there's this thing called `nsm.el` seemingly
> doing redundant checks if your TLS settings are reasonable, what's the
> history of it and why is it not obsolete when `tls.el` and `starttls.el`
> are?

Lars is the person to ask about that. I'll CC: him.