From: Simon Josefsson
Newsgroups: gmane.emacs.gnus.general, gmane.emacs.devel
Subject: Replace starttls.el with GNUTLS based version?
Date: Mon, 01 Dec 2003 03:31:49 +0100
Reply-To: ding@gnus.org
Cc: emacs-devel@gnu.org, Daiki Ueno
User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux)

How many use STARTTLS? For SMTP or IMAP?

The external program 'starttls' isn't widely available (e.g., not packaged by Debian) and it uses OpenSSL, so I would like to replace the current starttls.el with a (partially) backwards compatible version that uses GNUTLS. It is currently installed in Gnus CVS contrib/starttls.el, and I have been using it for a while.

The only problem I perceive is that if anyone is using client X.509 certificates, they will have to move from `starttls-extra-args' to `starttls-extra-argument'. (That is the backwards incompatible part.) Because there appears to be a bug in the "starttls" application that makes client authentication useless because the verification result is ignored, I suspect not many use X.509 client certificates with STARTTLS, or at least not anyone who cares enough about security to audit the tools they use. So nobody, even users that have configured client certificates, would lose security by changing to anonymous TLS with gnutls-cli. However, they can increase security by setting the new s-e-a variable.

So, does anyone have an opinion for or against moving gnus/contrib/starttls.el into gnus/lisp/starttls.el and emacs/lisp/gnus/starttls.el?

In Emacs, lisp/gnus/imap.el has to be modified as well (it currently uses hard coded filenames, and assumes things about how the old starttls.el was implemented), but lisp/mail/smtpmail.el works with STARTTLS unmodified.

To test this in Gnus, simply copy contrib/starttls.el over lisp/starttls.el and rebuild.
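As an added illustration (not part of Simon's message or of the starttls.el in Gnus CVS), here is what the migration the message describes looks like in a user's init file: the old `starttls-extra-args' setting for the OpenSSL-based 'starttls' program is replaced by the gnutls-cli argument list. The variable names used are those the GNUTLS-based starttls.el later shipped with Emacs uses (`starttls-use-gnutls', `starttls-gnutls-program', and `starttls-extra-arguments', which the message abbreviates as the "s-e-a variable"); the certificate paths are constructed placeholders, and the gnutls-cli options `--x509cafile', `--x509certfile' and `--x509keyfile' are assumed to be available in the installed gnutls-cli.

```elisp
;; Added example configuration, not from the original message.
;; Old setting for the external OpenSSL-based 'starttls' program, which
;; the message says ignores the certificate verification result.  It is
;; left here only to show what is being replaced.
;; (setq starttls-extra-args '("..."))   ; placeholder, program-specific

;; New setting: drive gnutls-cli instead.  Passing a CA file gives the
;; server certificate something to be checked against, and the client
;; certificate/key pair enables X.509 client authentication.  Paths are
;; constructed placeholders; adjust to where the PEM files actually live.
(setq starttls-use-gnutls t
      starttls-gnutls-program "gnutls-cli"
      starttls-extra-arguments
      (list "--x509cafile"   (expand-file-name "~/.certs/ca.pem")
            "--x509certfile" (expand-file-name "~/.certs/client-cert.pem")
            "--x509keyfile"  (expand-file-name "~/.certs/client-key.pem")))

;; Without the list above, gnutls-cli is run with no certificate options,
;; which is the "anonymous TLS" case the message describes: the session is
;; encrypted but the peer is not authenticated by the client.
```

Whether the negotiated handshake is treated as trusted depends on what starttls.el does with gnutls-cli's output, so after changing the variable it is worth running one STARTTLS connection interactively and reading the gnutls-cli messages in the process buffer to confirm that the certificate options were actually picked up.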