From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: The SHA1 sunset
Date: Tue, 05 Jan 2016 08:07:39 +0100
References: <83fuyead32.fsf@gnu.org> <87si2eayc5.fsf@gnu.org> <87d1tg8rap.fsf@gnu.org>
In-Reply-To: <87d1tg8rap.fsf@gnu.org> (Mike Gerwitz's message of "Tue, 05 Jan 2016 01:38:06 -0500")
To: Mike Gerwitz
Cc: emacs-devel@gnu.org

Mike Gerwitz writes:

> Personally, I prefer not to rely on bandages for my crypto.

It is, of course, up to you what you do for yourself. What we're discussing is what the defaults should be in Emacs.

Issuing warnings to users about something that isn't (yet) a probable issue is a disservice to our users. If they feel that these security mechanisms get in the way of getting stuff done, they will, of course, just disable those mechanisms altogether.

Which is why I asked for statistics of SHA-1 certificates in use today. The newest one I could find was from April 2015, and at that point 20% of Alexa Top 1000 web sites were using SHA-1 certificates. If that's still the case, it's way more than is reasonable to warn our users about.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no