From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Lars Magne Ingebrigtsen Newsgroups: gmane.emacs.devel Subject: The SHA1 sunset Date: Sun, 03 Jan 2016 10:55:36 +0100 Organization: Programmerer Ingebrigtsen Message-ID: NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1451814973 18707 80.91.229.3 (3 Jan 2016 09:56:13 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 3 Jan 2016 09:56:13 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Jan 03 10:56:03 2016 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1aFfOJ-0001B0-Of for ged-emacs-devel@m.gmane.org; Sun, 03 Jan 2016 10:56:00 +0100 Original-Received: from localhost ([::1]:41121 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aFfOJ-00033X-1f for ged-emacs-devel@m.gmane.org; Sun, 03 Jan 2016 04:55:59 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45607) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aFfO6-00033S-Ox for emacs-devel@gnu.org; Sun, 03 Jan 2016 04:55:47 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aFfO3-0004wj-Bv for emacs-devel@gnu.org; Sun, 03 Jan 2016 04:55:46 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]:45510) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aFfO3-0004wO-4U for emacs-devel@gnu.org; Sun, 03 Jan 2016 04:55:43 -0500 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1aFfO1-0000or-HC for emacs-devel@gnu.org; Sun, 03 Jan 2016 10:55:41 +0100 Original-Received: from cm-84.215.1.64.getinternet.no ([84.215.1.64]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 03 Jan 2016 10:55:41 +0100 Original-Received: from larsi by cm-84.215.1.64.getinternet.no with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 03 Jan 2016 10:55:41 +0100 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 18 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: cm-84.215.1.64.getinternet.no Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEX+/fn///3+//yNemz+ /fcjGhn9+vL+/Pb+/vn58OnsyEbTAAACO0lEQVQ4jW2RTY/aMBCGTXZVclzyCxy3EulxiajKDamR wrlRpPbclQ23VIrs9GaZaDFXENnyb3fGDgGqziEf8/idd2ZMii6Y+CCMUTWaXP6KtyB2XwHkaUyv oAsdoIwRUlHy+x8QQS5JEsKm8QBWcTSZTBk10TmmQTwagGUgMCz4nJbFgT7dAsaSamxOZVkWLKDx 4AFgasKPJcaMsqu5YYaFwcmBIgqCAVibNHoP2TQty8NoAI010OcWTqfpvHzuZwRQWavHzakHP6l3 B1Bbu7PhHEABpYqnQQFAhxZAWsCjZKPR4GE/kVfnDaXKw1AKPCzZD2CWXBRVaLXe4gyu1ozEV0Da Bw/g+WyDa6nKK+YIvlMWDebT1pfCrn6w8KpY6VtwU8pWW9cVgq/EmOtKHr+BgwczDTcXsX7y5R4W VVwUcEG231W4h+lKAEX610A3tgeUaBQ4n/XO9sCt/fHoKoFOS1C0K6cwtgmPqY+FVZnNLgoweejB l7FSmWpzvyu2cu4Yb8oHAqxJdn2tFymUkkr0pZJQe7BQHM9LTorzCwCThX8c6VCgBIJOrLBtvfsF +bMQayUU5whQYV/HRB7TBeQyJbgHAoHR+Rh+lRQ5nkdwFksktK1UnUteKwc2CGo0sWPJIUV20FEP oL8lLuGDzIWCuaXk8gLqOs8yq9bNLld3ipuQLu/M8eWn9egOgJZ3He+44DiFyDcDcFNJLlxeKwQu ug1oLlG3cgA+egY3Re6BD86bOPofAOX5/A4dRXnvm5D79AAAAABJRU5ErkJggg== Mail-Copies-To: never User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.1.50 (gnu/linux) Cancel-Lock: sha1:bgCzqFCCokbTzTYpHfmody7yXwk= X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.229.3 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:197428 Archived-At: SHA1 is considered to be likely to be "broken" sometime this year (i.e., the NSA will be able to create SHA1 collisions that may enable them to issue SHA1 certificates to themselves at will for any domain (some people are very sceptical of this claim)), so I've added warnings about SHA1 certificates to the "high" `network-security-level' setting in Emacs 25.1 now. Other browser makers have announced their intention to refuse to make any TLS connection using SHA1-signed certificates on January 1st, but I'm not sure whether they actually went through with this? We might consider at some point in the future to move this check to the "medium" (default) setting. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no