From: Lars Magne Ingebrigtsen <larsi@gnus.org>
To: Glenn Morris <rgm@gnu.org>
Cc: Oleksii Shevchuk <alxchk@gmail.com>,
	13374@debbugs.gnu.org, Ted Zlatanov <tzz@lifelogs.com>
Subject: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 05:42:52 +0100
Message-ID: <m362381e0j.fsf@stories.gnus.org>
In-Reply-To: <3fhamscn9w.fsf@fencepost.gnu.org> (Glenn Morris's message of "Mon, 07 Jan 2013 23:27:23 -0500")

Glenn Morris <rgm@gnu.org> writes:

> Ah well, ok, thanks for the explanation. It sounds then like it's
> probably better to leave this for trunk rather than try and force it
> into 24.3 at this relatively late stage.

Definitely.

Policies for handling opportunistic STARTTLS upgrades
combined with certificate failures have to be decided on, too.

That is, even if the user hasn't requested a TLS connection, Emacs will
auto-negotiate a STARTTLS connection now for virtually all protocol
types.  If that "fails" because the certificate is self-signed or
expired, do we then want to bother the user by prompting for an action?
The user hasn't requested encryption and validation, but then this
question comes out of the blue?

So, er, someone (ahem) has to go through all the permutations of
connection types and failure modes, and write up some stuff.  We should
also have certificate management code in there somewhere so that the
user may be alerted if a privately signed certificate changes,
perhaps...

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/




