From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Jimmy Yuen Ho Wong Newsgroups: gmane.emacs.devel Subject: Re: A couple of questions and concerns about Emacs network security Date: Thu, 5 Jul 2018 14:50:10 +0100 Message-ID: References: <20180705093346.071e6970@jabberwock.cb.piermont.com> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Trace: blaine.gmane.org 1530798553 27571 195.159.176.226 (5 Jul 2018 13:49:13 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 5 Jul 2018 13:49:13 +0000 (UTC) User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.0 Cc: Paul Eggert , emacs-devel@gnu.org To: "Perry E. Metzger" , Lars Ingebrigtsen Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Jul 05 15:49:09 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fb4dA-000716-Cm for ged-emacs-devel@m.gmane.org; Thu, 05 Jul 2018 15:49:08 +0200 Original-Received: from localhost ([::1]:52918 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fb4fH-0006hl-Ie for ged-emacs-devel@m.gmane.org; Thu, 05 Jul 2018 09:51:19 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51834) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fb4eK-0006eH-Eq for emacs-devel@gnu.org; Thu, 05 Jul 2018 09:50:25 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fb4eE-0005M7-UK for emacs-devel@gnu.org; Thu, 05 Jul 2018 09:50:20 -0400 Original-Received: from mail-wm0-x22d.google.com ([2a00:1450:400c:c09::22d]:34785) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fb4eE-0005HF-JZ for emacs-devel@gnu.org; Thu, 05 Jul 2018 09:50:14 -0400 Original-Received: by mail-wm0-x22d.google.com with SMTP id s13-v6so1827673wmc.1 for ; Thu, 05 Jul 2018 06:50:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=NSMlr+N8FQDnigElgmDtAgqp52nBn7arJiVs/4R1l5w=; b=fzMdhpnFikgENw61g7y05AsaQetL2B7/grRssR3DU9w61oAsZ9Dc651Mnz0hVf4/B4 tonKKfSVl6U1XlP87SdrywwpWYlhErpy3xx0zf1E+1PoU+DNwvM7i9AtUWvp64xnjckX 0hP4/2VPKiITVP+N2MoIyaiXPbktZT7cFndqp1eEn0tHusuMw3ZqvIgmw+DXwTS9GE+9 WsLqETbryH1/JyTECJ+Whpbj5NwQJ10wVFJppkkTW1THBdRcm44arsggmWZMFuOSwJbr gPlhMBV4BmUHEQYjs8gVFpzpQOO929Wed7UPXw8FzhNRaWtcEfmnLEKfk3XAirk+wDoZ 2t/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding:content-language; bh=NSMlr+N8FQDnigElgmDtAgqp52nBn7arJiVs/4R1l5w=; b=sWccIOSq6al4P+r+pzhxu9Bv8KQ8aBG21hFiTL2cZIiaaG4XlCVqSnC019t/i+Cslk XNy3n1R1BkV2ThIWWLy4Dsu0SjIinSWhOBsC8WYKG23gZeJpd1yyxwlc5+7Vc5UxiLP/ dl5hjuqKKjIx40S3VZWGjf71F2edKHwYhMVnxLAzAsbYuXIV+hluD9izBZnOGm/BKpGM WgFMKGSg/oDLvxheYtdhjerGLSvcKUv61VK4lirjnOXLibqsWOPYlwIsCqN5GzrdbJWo 1wcQh+cVW57zqiURlK3s0hXMBmSEyUrstF9DfGHekQhEBCRxV7wGYm3InaI7k+tDV2MA Vh5w== X-Gm-Message-State: APt69E0jocQbl6NM47gumWBhSLTSxXePPkoXmVpOnFXKn6CwFrjW3bj1 ivxy4KTZXx7+m/NLqYvSFWUHjYDk X-Google-Smtp-Source: AAOMgpd75iqKeroL00X+3xf9YonaRh/f6tiX6wvUhvhPU4b/DtL+zTxs/I9VIYYpQcx+qo3K+atR+w== X-Received: by 2002:adf:ac2d:: with SMTP id v42-v6mr4630930wrc.142.1530798612696; Thu, 05 Jul 2018 06:50:12 -0700 (PDT) Original-Received: from mobilecat.lan ([88.98.208.53]) by smtp.gmail.com with ESMTPSA id b7-v6sm7547894wme.39.2018.07.05.06.50.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 05 Jul 2018 06:50:11 -0700 (PDT) Openpgp: preference=signencrypt Autocrypt: addr=wyuenho@gmail.com; prefer-encrypt=mutual; keydata= xsFNBFrSFY8BEADPCwJ+z3krWkYRMNlw3UkxtYlj3v5fuPzjxvpzegH7x0breoiF782EY1j6 Xr3U3yV6WKBRVNgCkF6xibSl1BXFYQMw+k/27OGr/v+7NB+HOORAKxMvYeepR9nMpQuIB5+4 BT2Jyk2bmnpS27eXscDFlS4KmUPztg1odVGlMwe0ltrNgmEb5AZ7OSGw9doq4KfwBLJ0K+YQ Se0LltI8DP/TTNgl/srmWxWER4DhNB7c5+Eu8k+OLSED1bborTZPOBN6xYVupv8KolQNMg3c EvQ11jvVCa5vDV1o/2IR2UT18fp2XjFQbJSHd6dKuXnBNlkyqhtgJzDBk6YtBhRlh+/2DcKA VCaxIFNjWAl1SmTb79rPYIVRHCN7WCj2wV+rjBb3DAQ4TAWjOiEBkBQIdWIA2Cv7nOsni4cT /s9yb7ZU0KUGdoFs5vVCk0z9fDKvzZKifPerT5zPzeEq6k7CvU2Gfkk7CMWUcmi/2gjKspXv POL2c5Wl+lTwrOYs4ZEwy1QHXq7DIdod0wjWBc8LmiezW8kdYJMNjBq6+4nRdQHgjh92oYjF Xn0NZy77wlpzq3AMRMCRe2KPfEFfe2JolsTpDG0JLQZ3YO2zEqGJS9l0lpJh8wRvnQgK8ZIb XkG4fnj84wnm3pQ2P8qmpeLcVeeBIZ+N6zLiw1PMCKbcYshYCQARAQABzSVKaW1teSBXb25n IDxqaW1teS53b25nQGhvbWV0YXN0eS5jb20+wsF3BBMBCAArBQJa0hWPCRAnMIcQEcWsLwIb AwUJCWYBgAULCQgHAg In-Reply-To: <20180705093346.071e6970@jabberwock.cb.piermont.com> Content-Language: en-GB X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c09::22d X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:226950 Archived-At: I'm currently doing a second pass for my patch for bug#31946. I also have a preliminary OCSP patch. Emacs network security is going to be a lot better soon, I promise. Meanwhile, GnuTLS doesn't seem to have support Certificate Transparency (gnutls#232), but you could export the extension as DER bytes, so feel free to figure out how to deal with that in elisp. On 05/07/2018 14:33, Perry E. Metzger wrote: > Old thread, but I thought I'd reply on it. > > On Sat, 23 Jun 2018 12:23:31 +0200 Lars Ingebrigtsen > wrote: >> For those who don't know what this is: Some browsers now ship with >> built-in lists of certificate hashes, so if you're visiting that >> site and presented with a different than expected certificate, >> you'll know that somebody else has issued a certificate for the >> site, and somebody has hijacked the connection. >> >> Or, perhaps, that they just lost the private key and had to >> generate a new certificate and now, oops, everybody that uses the >> browsers with the built-in list will be unable to visit the site. > What you depict there never happens. People don't lose keys in such > circumstances. > > Pinning is what is done by sites like gmail to prevent third world > dictatorships from using stolen certificate credentials to spy on > their citizens. People who have been victims of this have had their > email read, been arrested by state security forces for dissent, and > have been tortured to death for lack of certificate pinning working > in their browsers. > > This is a matter of life and death for many people. > >> do this via ELPA, I think. Whether it's worth doing is another >> issue; I think the jury is still out on that one... > Do you think it's worth keeping people from quite literally being > tortured to death? > > For most of the secure HTTP stuff we've been discussing, I would far > rather be inconvenienced here and there than know my slight extra > convenience was being paid for in human blood. > > Perry