From: Jimmy Yuen Ho Wong
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 9 Jul 2018 14:49:12 +0100
Cc: Paul Eggert, Eli Zaretskii, "Perry E. Metzger", rms@gnu.org, Emacs-Devel devel
To: Lars Ingebrigtsen

On Mon, Jul 9, 2018 at 2:44 PM Lars Ingebrigtsen wrote:
>
> Jimmy Yuen Ho Wong writes:
>
> > I thought about this, but there's no standard that bans TLS 1.1, nor
> > TLS client implementations that disabled it by default. Besides, all
> > the problems TLS 1.1 has are already checked by the other checks. The
> > reason I'm checking for TLS 1.0 is somewhat arbitrary, as all the
> > problems it has are already checked by other checks too. So maybe even
> > checking for 1.0 is already too strict, but PCI DSS does ban it, so...
>
> For those who don't understand security acronym soup, the latter means
> "Payment Card Industry Data Security Standard".
>
> And I don't think that's the level we should be considering for Emacs,
> even at the "high" level, because it's pretty... excessive. Last time
> I checked.
>

The only TLS requirement in PCI DSS is to use TLS 1.1 and above.
There's no other requirement that I'm aware of.