From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lars Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 25 Jun 2018 19:33:49 +0200
References: <83po0iuhs7.fsf@gnu.org> <83lgb4tg92.fsf@gnu.org> <83efgusvdw.fsf@gnu.org>
In-Reply-To: (Jimmy Yuen Ho Wong's message of "Mon, 25 Jun 2018 18:20:55 +0100")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
To: Jimmy Yuen Ho Wong
Cc: Eli Zaretskii, Paul Eggert, Noam Postavsky, Emacs-Devel devel
List-Id: "Emacs development discussions."
Xref: news.gmane.org gmane.emacs.devel:226728

Jimmy Yuen Ho Wong writes:

> It's all about collisions[1], it's mostly a precaution, as no one has found an
> actual collision for a cert yet, but Google has found collision for PDF last year
> [2].

Ah, OK, then the SHA1 intermediate check isn't that vital.

(I think the PDF collision was a cheat, anyway, since they just generated
a lot of binary junk in a non-parsed section of the PDF. :-) )

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no