From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Fri, 06 Jul 2018 10:36:54 +0200
Message-ID: <87po00ahg9.fsf@gmail.com>
References: <83po0iuhs7.fsf@gnu.org> <20180705113320.17e6b8ee@jabberwock.cb.piermont.com> <83po01mrvh.fsf@gnu.org>
To: Eli Zaretskii
Cc: eggert@cs.ucla.edu, wyuenho@gmail.com, npostavs@gmail.com, emacs-devel@gnu.org, larsi@gnus.org, "Perry E. Metzger"
In-Reply-To: <83po01mrvh.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 05 Jul 2018 21:58:42 +0300")

Eli Zaretskii writes:

>> Date: Thu, 5 Jul 2018 11:33:20 -0400
>> From: "Perry E. Metzger"
>> Cc: Noam Postavsky, larsi@gnus.org, eggert@cs.ucla.edu,
>> wyuenho@gmail.com, emacs-devel@gnu.org
>>
>> > > Can we bump gnutls-min-prime-bits to 1024 on the release branch?
>> >
>> > No, I don't think so. Changing these settings needs a prolonged
>> > testing period to uncover any subtle problems with non-conforming
>> > servers that users must be able to access, and such testing is
>> > unlikely to happen on emacs-26 before the next bug-fix release.
>>
>> All modern browsers set 1024 as a minimum. There is no need for Emacs
>> to worry about this as it has been years since you could connect to a
>> web site with less than 1024 bits security. It should be changed as
>> soon as possible. Even 1024 bits is too small, but this is at least
>> better than the current situation.
>
> Emacs is not a Web browser, it uses the network for purposes other
> than browsing Web pages, so what browsers do is less relevant than
> what you seem to imply.
>
> Anyway, it seems you completely miss my point: I didn't say that we
> shouldn't increase the number of bits, just that we shouldn't do that
> on the release branch, unless we are willing to delay Emacs 26.2
> significantly.

FWIW, Iʼve had gnutls-min-prime-bits set to 1024 since 2014-11-25, and
have seen no adverse effects from it, so I donʼt think the risk is
that great.

Regards

Robert