From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Glenn Morris Newsgroups: gmane.emacs.bugs Subject: bug#13374: 24.?; open-gnutls-stream insecurity Date: Mon, 07 Jan 2013 23:27:23 -0500 Message-ID: <3fhamscn9w.fsf@fencepost.gnu.org> References: <87mwwlz43m.fsf@Black.ICE> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1357619290 30230 80.91.229.3 (8 Jan 2013 04:28:10 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 8 Jan 2013 04:28:10 +0000 (UTC) Cc: Oleksii Shevchuk , 13374@debbugs.gnu.org, Ted Zlatanov To: Lars Magne Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Jan 08 05:28:26 2013 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1TsQnU-0007e0-C3 for geb-bug-gnu-emacs@m.gmane.org; Tue, 08 Jan 2013 05:28:20 +0100 Original-Received: from localhost ([::1]:39492 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TsQnE-0002th-MM for geb-bug-gnu-emacs@m.gmane.org; Mon, 07 Jan 2013 23:28:04 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:39696) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TsQnB-0002tZ-QP for bug-gnu-emacs@gnu.org; Mon, 07 Jan 2013 23:28:02 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TsQnA-0004qo-Tp for bug-gnu-emacs@gnu.org; Mon, 07 Jan 2013 23:28:01 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:42673) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TsQnA-0004qk-QN for bug-gnu-emacs@gnu.org; Mon, 07 Jan 2013 23:28:00 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1TsQnC-0004mV-77 for bug-gnu-emacs@gnu.org; Mon, 07 Jan 2013 23:28:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Glenn Morris Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 08 Jan 2013 04:28:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 13374 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 13374-submit@debbugs.gnu.org id=B13374.135761925018340 (code B ref 13374); Tue, 08 Jan 2013 04:28:02 +0000 Original-Received: (at 13374) by debbugs.gnu.org; 8 Jan 2013 04:27:30 +0000 Original-Received: from localhost ([127.0.0.1]:55914 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1TsQmf-0004lk-LS for submit@debbugs.gnu.org; Mon, 07 Jan 2013 23:27:30 -0500 Original-Received: from fencepost.gnu.org ([208.118.235.10]:53054 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1TsQmc-0004lc-Ln for 13374@debbugs.gnu.org; Mon, 07 Jan 2013 23:27:27 -0500 Original-Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1TsQmZ-00086u-GB; Mon, 07 Jan 2013 23:27:23 -0500 X-Spook: Ansar al-Islam Mole subversive MIT-LL nitrate CESID JPL X-Ran: 9JivwERlz]%O@+L9/2(?+OAy!ToB};s7uPR|T;i4loll^8[UvPu'zBVO>~Qwtb]$?~ X-Hue: blue X-Attribution: GM In-Reply-To: (Lars Magne Ingebrigtsen's message of "Tue, 08 Jan 2013 05:20:00 +0100") User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:69482 Archived-At: Lars Magne Ingebrigtsen wrote: > Well, the issue is what we do when we get a certificate we can't > validate. > > The traditional thing to do is to query the user for whether to connect > anyway, and whether to record a permanent exception for that > certificate. > > The code to do that hasn't been written yet. > > It's very common for SMTP and IMAP servers to use self-signed > certificates, so just forcing ":validate t" for all connections would > essentially mean that Emacs would be unusable for reading/sending email > (using encryption) before that code has been written. Ah well, ok, thanks for the explanation. It sounds then like it's probably better to leave this for trunk rather than try and force it into 24.3 at this relatively late stage.