From: Lars Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: Deprecate TLS1.0 support in emacs
Date: Thu, 03 Aug 2017 13:48:20 +0200
Message-ID: <873798j2ij.fsf@mouse>
To: Stefan Monnier
Cc: emacs-devel@gnu.org

Stefan Monnier writes:

>> Yes, I agree. eww, for instance, could remove the green URL when using
>> TLS 1.0, etc. But the proposed NSM warning (which would make the user
>> answer "y" to a direct question about the TLS-ness) is too heavy, in my
>> opinion.
>
> Could we replace the prompt with a simple message (and if the message
> gets overwritten too soon, maybe adding a short delay)?

Hm... that sounds like a nice compromise. However, there might be a lot of these messages if, for instance, the user visits a web page where all the images are being served over a TLS connection we're warning about. Or perhaps warnings in those instances should be inhibited?

Anyway, the NSM layer could be easily extended to add certain notifications to each security level. So you'd get something like "Connection to fsf.org:443 is less secure because of an old TLS version" or along those lines flashing in the minibuffer...

-- 
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
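
Added example, not part of the original message and not code from Emacs or nsm.el: one way to show the non-blocking minibuffer notice discussed above while inhibiting repeats for the same host, as on a page whose images all come from one old-TLS server. Every `tls-notice-` name, the flagged-protocol list and the 300-second quiet period are assumptions; the status plist is shaped like the return value of `gnutls-peer-status`.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration, not code from Emacs or nsm.el.
;; Every `tls-notice-' name is hypothetical.

(defvar tls-notice-old-protocols '("SSL3.0" "TLS1.0")
  "Values of the :protocol entry in a `gnutls-peer-status' plist to flag.
The list itself is an assumed policy.")

(defvar tls-notice-quiet-seconds 300
  "Do not repeat a notice for the same host:port within this many seconds.")

(defvar tls-notice--last-shown (make-hash-table :test #'equal)
  "Map \"host:port\" to the `float-time' of the last notice shown.")

(defun tls-notice-text (host port status)
  "Return a notice string for HOST:PORT given peer STATUS, or nil.
STATUS is a plist shaped like the return value of `gnutls-peer-status'."
  (let ((protocol (plist-get status :protocol)))
    (when (member protocol tls-notice-old-protocols)
      (format "Connection to %s:%s is less secure because of an old TLS version (%s)"
              host port protocol))))

(defun tls-notice-maybe-show (host port status &optional now)
  "Show a non-blocking notice for HOST:PORT if STATUS warrants one.
Return the text shown, or nil when nothing was shown.  NOW defaults to
`float-time' and exists so the rate limit can be exercised directly."
  (let* ((now (or now (float-time)))
         (key (format "%s:%s" host port))
         (last (gethash key tls-notice--last-shown))
         (text (tls-notice-text host port status)))
    (when (and text
               (or (null last)
                   (>= (- now last) tls-notice-quiet-seconds)))
      (puthash key now tls-notice--last-shown)
      (message "%s" text)   ; no prompt: the connection proceeds
      text)))

;; Constructed sample: several fetches from one TLS 1.0 image host,
;; plus one fetch from a host that negotiated TLS 1.2.
(let ((old '(:protocol "TLS1.0"))
      (new '(:protocol "TLS1.2")))
  (list (tls-notice-maybe-show "img.example.org" 443 old 1000.0)   ; first image
        (tls-notice-maybe-show "img.example.org" 443 old 1001.0)   ; next image, 1 s later
        (tls-notice-maybe-show "www.example.org" 443 new 1002.0)   ; modern protocol
        (tls-notice-maybe-show "img.example.org" 443 old 1400.0))) ; after the quiet period
```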