From: Lars Ingebrigtsen <larsi@gnus.org>
To: emacs-devel@gnu.org
Subject: Re: GnuTLS/TLS proposals for after the release
Date: Wed, 20 Jul 2016 14:04:27 +0200
Message-ID: <m3twfk5xdg.fsf@gnus.org>
In-Reply-To: <87furnhj3g.fsf@lifelogs.com> (Ted Zlatanov's message of "Tue, 05 Jul 2016 17:26:43 -0400")

Ted Zlatanov <tzz@lifelogs.com> writes:

> 1) Proposal: after the 25.1 release, opening a secure network connection
> without `gnutls-available-p' should be an annoying warning. The
> alternative (tls.el) is less secure and IMHO should be discouraged.

I agree.

And I think the FSF distribution page for the prebuilt binaries on all
platforms should link to binaries that come with a complete set of
libraries needed to run Emacs in a secure manner. (Mostly relevant for
the Windows distribution.)

> 2) I am concerned that SSLv3 is explicitly in the tls.el defaults. See
> http://disablessl3.com/ for why, no need to write up all the reasons
> here. I propose to cut those lines out.

That's fine with me, but if it's deprecated, then it probably doesn't
matter much. :-)

> I propose a single variable, `gnutls-settings' which can be set per host
> regex or globally, and which can contain an alist or plist specifying
> each of the settings above as a string/string list or as a function.
> Basically a unified view of all GnuTLS-related connectivity settings
> instead of scattering them over several variables. I think in Customize
> that will look nicer and more friendly, plus the code will be simplified.

Yes, this sounds nice. The only slightly worrying thing from a user
perspective is that we'd then have two layers of settings/exceptions per
host -- one from `gnutls-settings', and one from the Network Security
Manager. This may confuse some users, but the extra power
`gnutls-settings' would give us might outweigh that slight problem.

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no