From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: Deprecate TLS1.0 support in emacs
Date: Tue, 01 Aug 2017 17:12:53 +0200
Message-ID: <87vam7uxsa.fsf@gmail.com>
In-Reply-To: <87pocfibky.fsf@mouse> (Lars Ingebrigtsen's message of "Tue, 01 Aug 2017 16:53:17 +0200")
To: Lars Ingebrigtsen
Cc: Paul Eggert, Richard Stallman, emacs-devel@gnu.org

Lars Ingebrigtsen writes:

> Paul Eggert writes:
>
>> Last year I would have agreed, but nowadays I think it'd be better to
>> warn about TLS 1.0 somehow. According to
>> https://www.ssllabs.com/ssl-pulse/ from July 2016 to July 2017 TLS
>> v1.2 support climbed from 78.3% to 87.3%, whereas support for TLS v1.0
>> dropped from 97.3% to 93.4% as the higher-end sites tighten up
>> security. By the time the next version of Emacs comes out, it looks
>> like a mild warning about TLS v1.0 will be appropriate.
>
> Yes, I agree. eww, for instance, could remove the green URL when using
> TLS 1.0, etc. But the proposed NSM warning (which would make the user
> answer "y" to a direct question about the TLS-ness) is too heavy, in my
> opinion.

OK. I happen to like NSM, mainly because I like explicit and detailed
messages from my tools, rather than having them change visual
indicators, but mileage obviously varies.

> But having the warning on the `high' NSM setting is fine with me, and
> I'll see what I can do about removing green URLs from eww...

Is that an offer to commit my patch? :-)

There's 🔐 and 🔓 you can use if you feel like getting fancy. Changing
the colour of the URL doesn't speak to me very much.

> Other services, like SMTP/IMAP/etc will have to invent other
> "lightweight" ways to tell the user that the content is on the insecure
> side.

I'm not sure how you can signal that someone's SMTP/IMAP session is
using an insecure protocol without ending up back at NSM.

Robert