From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 07 Jul 2018 19:08:04 +0300
Message-ID: <83pnzzhvvf.fsf@gnu.org>
Cc: wyuenho@gmail.com, larsi@gnus.org, eggert@cs.ucla.edu, rms@gnu.org, emacs-devel@gnu.org
To: "Perry E. Metzger"

> Date: Sat, 7 Jul 2018 11:25:44 -0400
> From: "Perry E. Metzger"
> Cc: rms@gnu.org, eggert@cs.ucla.edu, emacs-devel@gnu.org, larsi@gnus.org,
>  wyuenho@gmail.com
>
> > I don't know where you took that number.
>
> Maybe you should learn about the topics you have such strong opinions
> on before expressing the strong opinions. If you were actually in the
> field or even reading the literature, you wouldn't need to ask such
> things.

Maybe you should learn to talk with people who are not specialists,
and maybe you should learn to recognize "strong opinions" when you see
one.

> > > As for your own configuration, you're free to change the defaults
> > > any way you like, so why are you arguing anyway?
> >
> > Because I think there are many others like me.
>
> So the others like you can change the defaults any way you like. WHAT
> IS THE PROBLEM.

Irrelevant. We are talking about the defaults.

> > I meant your opinions about how Emacs should design its
> > security-related UI and treat its users. They are definitely not
> > facts,
>
> So far, I hear a number of people saying "the reasonable thing is to
> use the same default behavior that pretty much everything else uses",
> and I hear Eli saying "no, no, I want to make things more complicated
> because I claim that somehow there will be great inconvenience if
> the software rejects obviously forged certificates or obviously
> insecure cipher suites by default".

So maybe you should learn to listen more carefully. And read, for
that matter.

> What exactly is the inconvenience you anticipate if an Emacs IMAP
> user connecting to google rejects a certificate that isn't vouched
> for by the CT mechanism? Can you explain _precisely_ why you insist
> that it is necessary to have different defaults than everyone else
> uses?

I already did. PLEASE RE-READ WHAT I WROTE, and not necessarily in
response to your posts.

> > > And this sets you apart from people who have worked in the field
> > > for decades, and from people who have done objective studies in
> > > the field.
> >
> > Studies on Emacs users?
>
> Emacs users are for the most part human beings, yes.

They are not a representative sample of computer users, however. So
what by and large is correct for the bulk of the users is not
necessarily correct for Emacs users.

> > You are completely missing the point. No one claimed we should
> > expect users to judge certificates.
>
> Then what the hell are you arguing for?

READ MY MESSAGES!!

> > I see these issues every day, using mostly
> > Firefox and IE.
>
> Why are you using IE?

Because I sometimes have to. And there's nothing special about it, it
actually sometimes works better than Firefox.

> > Please read Jimmy's comments on this, and respond to them if you
> > want.
>
> Jimmy is entirely reasonable here. I'm not arguing with him because
> he's not saying anything terribly wrong.

Then you don't have any argument with me, either, because I don't have
any argument with Jimmy.

(And please leave out ad-hominem, your unconcealed disdain makes this
a very unpleasant discussion.)