From: Jimmy Yuen Ho Wong
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 25 Jun 2018 19:06:00 +0100
To: Eli Zaretskii
Cc: Lars Ingebrigtsen, Paul Eggert, Noam Postavsky, Emacs-Devel devel
Here's the updated patch.

Suggested material to include in the manual or NEWS:

Emacs now has preliminary checks for revoked TLS certificates. To utilize this feature, users are advised to install the IGTF trust anchor distribution and FetchCRL packages for their system, and update their .crl.pem files periodically in order to get the most updated Certificate Revocation Lists. Refer to the docstring of `gnutls-crlfiles' for details on how to supply their file locations to Emacs.

On Mon, Jun 25, 2018 at 6:16 PM, Eli Zaretskii <eliz@gnu.org> wrote:
> > From: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
> > Date: Sun, 24 Jun 2018 22:30:50 +0100
> > Cc: Eli Zaretskii <eliz@gnu.org>, Paul Eggert <eggert@cs.ucla.edu>,
> >     Noam Postavsky <npostavs@gmail.com>, emacs-devel@gnu.org
> >
> > Here's the patch to get GnuTLS to do CRL checking.
>
> Thanks, a few minor comments:
>
> > +(defcustom gnutls-crlfiles
> > +  '(
> > +    "/etc/grid-security/certificates/*.crl.pem"
> > +    )
> > +  "List of CRL file paths or a function returning said list.
> > +If a file path contains a glob pattern, it will be expanded.
> > +The files may be in PEM or DER format, as per the GnuTLS documentation.
> > +The files may not exist, in which case they will be ignored."
> > +  :group 'gnutls
> > +  :type '(choice (function :tag "Function to produce list of CRL filenames")
> > +                 (repeat (file :tag "CRL filename"))))
>
> This should have a :version tag.
>
> Do we really want/need to allow a function here?  Isn't a list of
> files enough?  A function is more dangerous than a string, especially
> in a security-sensitive place.
>
> Finally, I think this defcustom needs to be called out in NEWS.
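Review bot: the quoted `gnutls-crlfiles` defcustom has no `:version` tag, and its docstring's "The files may not exist, in which case they will be ignored" means that on a system without the IGTF/FetchCRL packages the NEWS text recommends, the default glob matches nothing and the connection proceeds with no revocation data at all, indistinguishable from before the patch. Suggest adding `:version` for the release that introduces the option and emitting a one-time `display-warning` when every configured entry expands to zero existing files, so the degraded state is visible rather than silent. On the `:type`, the `function` alternative lets a value picked up from a customization or file-local setting run arbitrary code at connection time; if it stays, mark the variable `risky-local-variable` (or `:risky t`), otherwise drop it as Eli suggests and keep only `(repeat (file ...))`.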
[Attachment: 0001-Check-TLS-certs-against-CRL.patch]
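As an added example (my own code, not from the attached patch or from Emacs itself): a check a user could run on a `gnutls-crlfiles'-style value, expanding it the way the docstring above describes and warning, instead of silently ignoring, both when an entry matches no file and when the matched .crl.pem files have not been refreshed as the NEWS text recommends. The `my-` function names and the 7-day freshness window are assumptions.

```elisp
;; Added example (hypothetical helpers, not part of the patch or of Emacs):
;; resolve a `gnutls-crlfiles'-style setting and make silent degradation
;; (no CRLs found, or CRLs never refreshed) visible to the user.
(require 'cl-lib)

(defun my-crl-files-resolve (setting)
  "Return the existing CRL files named by SETTING.
SETTING has the shape `gnutls-crlfiles' accepts: a list of file names
(glob patterns allowed) or a function returning such a list.  An entry
that matches no existing file is reported with `display-warning' so
revocation checking cannot drop to \"no CRLs loaded\" unnoticed."
  (cl-loop for entry in (cl-remove nil (if (functionp setting)
                                           (funcall setting)
                                         setting))
           ;; `file-expand-wildcards' returns only files that exist,
           ;; as absolute names because of the FULL argument.
           for matches = (file-expand-wildcards entry t)
           do (unless matches
                (display-warning 'gnutls
                                 (format "CRL entry %S matched no file" entry)
                                 :warning))
           append matches))

(defun my-crl-files-stale (files max-age-days)
  "Return the members of FILES not modified within MAX-AGE-DAYS days.
A CRL that is never refreshed stops reflecting new revocations, so a
stale file deserves the same attention as a missing one."
  (let ((cutoff (- (float-time) (* max-age-days 24 60 60))))
    (cl-remove-if (lambda (f)
                    (> (float-time (file-attribute-modification-time
                                    (file-attributes f)))
                       cutoff))
                  files)))

(defun my-crl-files-report (setting max-age-days)
  "Resolve SETTING, warn about CRL files older than MAX-AGE-DAYS days,
and return the list of usable (existing and fresh) CRL files."
  (let* ((files (my-crl-files-resolve setting))
         (stale (my-crl-files-stale files max-age-days)))
    (dolist (f stale)
      (display-warning 'gnutls
                       (format "CRL file %s is older than %d days" f max-age-days)
                       :warning))
    (cl-set-difference files stale :test #'string=)))

;; Usage with the patch's default path and an assumed 7-day window:
;; (my-crl-files-report '("/etc/grid-security/certificates/*.crl.pem") 7)
```

Evaluating the usage form in `*scratch*` after a FetchCRL run shows whether the configured glob actually resolves to fresh CRLs on this machine.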