From: Stefan Monnier
Newsgroups: gmane.emacs.devel
Subject: Re: Network security manager
Date: Mon, 17 Nov 2014 12:31:35 -0500
To: emacs-devel@gnu.org
In-Reply-To: <87fvdhkgtf.fsf@lifelogs.com> (Ted Zlatanov's message of "Mon, 17 Nov 2014 10:06:04 -0500")

TZ> I don't know how complicated it will be internally, but I don't think it
TZ> will endanger any existing functionality (except TLS connections, of
TZ> course). The only reason for it in 24.x is to add reasonable certificate
TZ> handling so we can turn on certificate verification by default. I don't
TZ> think it can be done otherwise without seriously damaging the user
TZ> experience.

The issue is that if we have a 24.5 release, I want a very short pretest
phase, so such changes need to be "obviously safe". One way to do that
can be to make the changes conditional on some config var, which stays
disabled by default. So random users will use the old code and those
who care about security can enable it at the risk of helping us
fix bugs.

> BTW, I proposed using emacs-24 3 weeks ago in the thread "removing SSLv3
> support by default from the Emacs GnuTLS integration (was: Bug#766395:
> emacs/gnus: Uses s_client to for SSL.)" you can find here
> https://lists.gnu.org/archive/html/emacs-devel/2014-10/msg00936.html

I don't know the underlying issues well enough. But it doesn't sound
"obviously safe" either. I'd rather just follow gnutls's own defaults.

        Stefan