From mboxrd@z Thu Jan 1 00:00:00 1970
From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: Additional network security
Date: Sun, 07 Dec 2014 17:41:06 +0100
References: <87lhmkja3h.fsf@uwakimon.sk.tsukuba.ac.jp> <871tobmndd.fsf@lifelogs.com>
In-Reply-To: <871tobmndd.fsf@lifelogs.com> (Ted Zlatanov's message of "Sun, 07 Dec 2014 11:32:46 -0500")
To: emacs-devel@gnu.org

Ted Zlatanov writes:

> Given this precedent, I think it would make sense to offer some
> fine-grained control over NSM checks as well, similar to
> `gnutls-verify-error' as I mentioned. We've gone Lispy with the NSM
> configuration, but if we were consistent with the GnuTLS approach, the
> NSM tuning would be simply a string like "paranoid:-crazy" (paranoid but
> not crazy, heh heh). This is still possible:
>
> * map a symbol to its symbol-name
> * parse NSM security levels like GnuTLS priority strings
> * allow setting these strings per host regex
> * PROFIT
>
> WDYT?

I think we should require 100 users demanding this before we implement
it. :-)

But as for the defaults, do you agree with putting RC4, SSL