From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: A couple of questions and concerns about Emacs network security Date: Sat, 07 Jul 2018 17:17:24 +0300 Message-ID: <83tvpbi0zv.fsf@gnu.org> References: <20180705093346.071e6970@jabberwock.cb.piermont.com> <83wou9n66t.fsf@gnu.org> <20180705112920.076265d5@jabberwock.cb.piermont.com> <83r2khms1j.fsf@gnu.org> <20180705164500.0bde16cd@jabberwock.cb.piermont.com> <83bmbknafs.fsf@gnu.org> <20180707081833.37561702@jabberwock.cb.piermont.com> <83zhz3i3o3.fsf@gnu.org> <20180707094622.6eff25bf@jabberwock.cb.piermont.com> NNTP-Posting-Host: blaine.gmane.org X-Trace: blaine.gmane.org 1530972955 9552 195.159.176.226 (7 Jul 2018 14:15:55 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Sat, 7 Jul 2018 14:15:55 +0000 (UTC) Cc: wyuenho@gmail.com, larsi@gnus.org, eggert@cs.ucla.edu, rms@gnu.org, emacs-devel@gnu.org To: "Perry E. Metzger" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Jul 07 16:15:51 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fbo05-0002MU-ET for ged-emacs-devel@m.gmane.org; Sat, 07 Jul 2018 16:15:49 +0200 Original-Received: from localhost ([::1]:33844 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fbo2C-0000oL-Fg for ged-emacs-devel@m.gmane.org; Sat, 07 Jul 2018 10:18:00 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:42755) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fbo22-0000oB-Kp for emacs-devel@gnu.org; Sat, 07 Jul 2018 10:17:53 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fbo1y-0004Ui-W9 for emacs-devel@gnu.org; Sat, 07 Jul 2018 10:17:50 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:53416) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fbo1f-00049j-PA; Sat, 07 Jul 2018 10:17:27 -0400 Original-Received: from [176.228.60.248] (port=3684 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1fbo1Y-000301-GD; Sat, 07 Jul 2018 10:17:20 -0400 In-reply-to: <20180707094622.6eff25bf@jabberwock.cb.piermont.com> (perry@piermont.com) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:227059 Archived-At: > Date: Sat, 7 Jul 2018 09:46:22 -0400 > From: "Perry E. Metzger" > Cc: rms@gnu.org, eggert@cs.ucla.edu, emacs-devel@gnu.org, larsi@gnus.org, > wyuenho@gmail.com > > On Sat, 07 Jul 2018 16:19:40 +0300 Eli Zaretskii wrote: > > > Date: Sat, 7 Jul 2018 08:18:33 -0400 > > > From: "Perry E. Metzger" > > > Cc: Eli Zaretskii , eggert@cs.ucla.edu, > > > emacs-devel@gnu.org, larsi@gnus.org, wyuenho@gmail.com > > > > > > There is ample evidence that people in such situations rarely if > > > ever understand what the right thing to do is. > > > > That doesn't necessarily mean we need to assume none of them will > > understand that, if the considerations are explained in clear terms > > that can be mapped to the user's environment. > > The difference between "none" and "under 5%" is so small as to be > unimportant. I don't know where you took that number. Any idea what is the correlation between those 5% and the percentage of people who use Emacs, btw? > In tests, even with very careful explanations, only a > really tiny fraction of users seem to make good decisions some of > the time, and that's even when computer science undergraduates are the > test subjects. We are not talking about the same decisions in the same terms. Once again, I suggest to re-read my comments to Jimmy's patches and the following discussion. > > And my personal experience definitely contradicts your "everyone" > > claim: e.g., my home network is set up with several non-default > > defenses, and so is my smartphone. Why should we assume a > > significant part of Emacs users is in the "everyone" camp? They > > did choose to use Emacs, didn't they? > > The difference between one person in a hundred and no one is so small > for purposes of deciding on default behavior as to be unimportant. I don't think your estimation of the percentage is accurate, wrt Emacs users. They are not the typical mass user of computers. > As for your own configuration, you're free to change the defaults any > way you like, so why are you arguing anyway? Because I think there are many others like me. I'm not special in any way, neither in my Emacs usage patterns nor in how I approach security. > > You are entitled to your opinions > > These are not opinions. They're facts. They're based on decades of > field experience and objective studies published in the academic > literature. There is almost universal agreement among the > studies, too -- there are no published outliers that I'm aware of. I meant your opinions about how Emacs should design its security-related UI and treat its users. They are definitely not facts, because we are talking about something that doesn't yet exist, so it couldn't be a subject of decades of studies. > > but I don't agree that we should > > design our defaults based on the assumption that we cannot expect > > our users to make informed decisions. > > And this sets you apart from people who have worked in the field for > decades, and from people who have done objective studies in the field. Studies on Emacs users? > I strongly suspect, by the way, that I could easily get you to make a > bad security decision in a test environment. I don't trust myself to > evaluate the origin of certificates in real time -- it's just too > difficult to read an x.509 cert's contents and verify everything you > need to (including the hash algorithms used in the entire chain, > figuring out if the CA is one I should be expecting for this > particular host, etc.) That is in spite of the fact that I've been > doing this professionally for a very long time. I suspect I could > easily cook up certs that you wouldn't be able to figure out, and > that you would make the wrong decision if prompted to look at them. You are completely missing the point. No one claimed we should expect users to judge certificates. > > > The other thing is, in spite of the constant claims, running with > > > the level of security provided by Firefox or Chrome or Safari > > > isn't the least bit inconvenient, so there's no obvious reason > > > not to do at least _that_. > > > > One would think that those "constant claims" might just provide > > such a reason. > > The only one making this claim is _you_. My "claims" are facts. I see these issues every day, using mostly Firefox and IE. I'd be surprised if I were the only one, because there's nothing special in my setups. > > Besides, we don't really follow what those browsers do, > > But we should. It's insane not to. Please read Jimmy's comments on this, and respond to them if you want.