From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Lars Ingebrigtsen Newsgroups: gmane.emacs.devel Subject: Re: The netsec thread Date: Sun, 25 Aug 2019 07:32:28 +0200 Message-ID: <87r259ajyr.fsf@gnus.org> References: <86pnzdrn8u.fsf@gmail.com> <834l36koak.fsf@gnu.org> <87pnlg7r83.fsf@mouse.gnus.org> <87o90gd1us.fsf@mouse.gnus.org> <838srkb64w.fsf@gnu.org> <87ef1cb3ua.fsf@gnus.org> <83r25cjbm6.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="221367"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Cc: rpluim@gmail.com, emacs-devel@gnu.org To: Eli Zaretskii Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Aug 25 07:32:43 2019 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1i1l8s-000vTu-Sy for ged-emacs-devel@m.gmane.org; Sun, 25 Aug 2019 07:32:43 +0200 Original-Received: from localhost ([::1]:40888 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i1l8r-0001Zx-5U for ged-emacs-devel@m.gmane.org; Sun, 25 Aug 2019 01:32:41 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:51922) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i1l8k-0001ZY-V6 for emacs-devel@gnu.org; Sun, 25 Aug 2019 01:32:36 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i1l8j-00083Z-MZ for emacs-devel@gnu.org; Sun, 25 Aug 2019 01:32:34 -0400 Original-Received: from quimby.gnus.org ([80.91.231.51]:51964) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i1l8j-000832-Ft; Sun, 25 Aug 2019 01:32:33 -0400 Original-Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie) by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1i1l8e-0001Qy-UP; Sun, 25 Aug 2019 07:32:31 +0200 In-Reply-To: <83r25cjbm6.fsf@gnu.org> (Eli Zaretskii's message of "Fri, 23 Aug 2019 15:43:29 +0300") X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 80.91.231.51 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:239543 Archived-At: Eli Zaretskii writes: > I'm firmly against removing existing documentation. I simply don't > believe it could ever do any harm. > > Specifically, regarding these issues, I don't like the paternalistic > attitude "believe us we're doing the best-effort job to adhere to best > practices". Nothing and no one can assure we know best in every > particular situation, so leaving the knobs for users to DTRT when we > don't cannot be wrong. I don't think it's a paternalistic attitude. I just think these issues aren't any more interesting to somebody reading the Emacs manual than any other protocol issue. In the Emacs manual, we don't discuss details of the SMTP or IMAP protocols, and we don't give an exegesis on UTF-8. But for TLS connections, we currently have a lot of talk about RC4 and 3DES and the like, and removing that isn't any more a matter of "trust us, we know what we're doing" than not explaining in detail the difference between EHLO and HELO in the SMTP protocol. > I might agree to making the manual descriptions shorter, like > mentioning the variables and pointing to the doc strings for their > detailed descriptions. But this is only acceptable if the text in the > manual is little more than a copy of the doc string; otherwise we > should enhance the doc strings to tell more. The doc strings in the NSM are more detailed than anybody could wish for, so pointing the Emacs manual readers to those is a good idea, I think. Here's the doc string for one of the about 20 checks: (defun nsm-protocol-check--rsa-kx (host port status &optional settings) "Check for static RSA key exchange. Static RSA key exchange methods do not offer perfect forward secrecy, therefore, the security of a TLS session is only as secure as the server's private key. Due to TLS' use of RSA key exchange to create a session key (the key negotiated between the client and the server to encrypt traffic), if the server's private key had been compromised, the attacker will be able to decrypt any past TLS session recorded, as opposed to just one TLS session if the key exchange was conducted via a key exchange method that offers perfect forward secrecy, such as ephemeral Diffie-Hellman key exchange. By default, this check is only enabled when `network-security-level' is set to `high' for compatibility reasons. Reference: Sheffer, Holz, Saint-Andre (May 2015). \"Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)\", \"(4.1. General Guidelines)\" `https://tools.ietf.org/html/rfc7525\#section-4.1'" -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no