Re: GnuTLS/TLS proposals for after the release
From: Lars Ingebrigtsen
Subject: Re: GnuTLS/TLS proposals for after the release
Date: Wed, 20 Jul 2016 14:04:27 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> 1) Proposal: after the 25.1 release, opening a secure network connection
> without `gnutls-available-p' should be an annoying warning. The
> alternative (tls.el) is less secure and IMHO should be discouraged.

I agree.

And I think the FSF distribution page for the prebuilt binaries on all
platforms should link to binaries that come with a complete set of
libraries needed to run Emacs in a secure manner. (Mostly relevant for
the Windows distribution.)

> 2) I am concerned that SSLv3 is explicitly in the tls.el defaults. See
> http://disablessl3.com/ for why, no need to write up all the reasons
> here. I propose to cut those lines out.

That's fine with me, but if it's deprecated, then it probably doesn't
matter much. :-)

> I propose a single variable, `gnutls-settings' which can be set per host
> regex or globally, and which can contain an alist or plist specifying
> each of the settings above as a string/string list or as a function.
> Basically a unified view of all GnuTLS-related connectivity settings
> instead of scattering them over several variables. I think in Customize
> that will look nicer and more friendly, plus the code will be simplified.

Yes, this sounds nice. The only slightly worrying thing from a user
perspective is that we'd then have two layers of settings/exceptions per
host -- one from `gnutls-settings', and one from the Network Security
Manager. This may confuse some users, but the extra power
`gnutls-settings' would give us might outweigh that slight problem.

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no