emacs-devel

A couple of questions and concerns about Emacs network security


From: Jimmy Yuen Ho Wong
Subject: A couple of questions and concerns about Emacs network security
Date: Fri, 22 Jun 2018 23:00:13 +0100

Hi everyone,

I've been digging around Emacs' network security settings lately and
I've noticed a couple of oddities. I was wondering what the reasons are
and if there are any plans to improve them.

For `--with-gnutls` builds using GnuTLS 3.5.18:

1. `gnutls-verify-error` is set to nil by default, so server certs
   aren't verified by default.
2. `gnutls-min-prime-bits` has been 256 by default since 2012, whereas
   a reasonable number should probably be 2048 in 2018.
3. `gnutls-algorithm-priority` is nil by default.

All of this means there's zero network security OOTB for Emacs. After
some experimentation, I've come up with the following settings that
bring the balance of default security and compatibility to as good as I
could:

    (setq gnutls-algorithm-priority
          "SECURE192:+SECURE128:-VERS-ALL:+VERS-TLS1.2:%PROFILE_MEDIUM"
          gnutls-min-prime-bits 2048
          gnutls-verify-error t)

However, these settings still fail the following tests rather alarmingly:

    (mapcar (lambda (host)
              (ignore-errors (url-retrieve-synchronously host)))
            '("https://revoked.badssl.com/"
              "https://pinning-test.badssl.com/"
              "https://invalid-expected-sct.badssl.com/"))

    ;; This should return a list of `'(nil nil nil)`, but doesn't.

My questions are:

1. Can we update the default network security settings?
2. Now that `starttls.el` and `tls.el` are obsolete, and GnuTLS doesn't
   seem to be doing a very good job, can we link to something better
   maintained, such as OpenSSL/LibreSSL/BoringSSL/NSS?

Lastly, I notice there's this thing called `nsm.el`, seemingly
doing redundant checks if your TLS settings are reasonable. What's the
history of it, and why is it not obsolete when `tls.el` and `starttls.el`
are?

Thanks in advance,

Jimmy Wong
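
An added example, not part of Jimmy's message or of Emacs itself: the settings from the message (with the variable name spelled `gnutls-verify-error`) together with a small probe that opens a TLS connection to each badssl.com host from the message and reports whether GnuTLS rejected it or, if it accepted it, which warnings `gnutls-peer-status` attached. `my/tls-probe` is a hypothetical helper name; the `badssl.com` and `expired.badssl.com` controls are assumptions (a known-good and a known-expired certificate) added for comparison, and running this needs a `--with-gnutls` Emacs and network access.

```elisp
;; Added example, not code from the original message.  Needs a
;; --with-gnutls Emacs and network access to reach badssl.com.
(require 'gnutls)

;; The settings proposed in the message, with the variable name corrected.
(setq gnutls-verify-error t          ; fail the handshake on certificate errors
      gnutls-min-prime-bits 2048     ; reject Diffie-Hellman groups below 2048 bits
      gnutls-algorithm-priority
      "SECURE192:+SECURE128:-VERS-ALL:+VERS-TLS1.2:%PROFILE_MEDIUM")

(defun my/tls-probe (host &optional port)
  "Open a TLS connection to HOST (PORT defaults to 443) and classify the result.
Hypothetical helper.  Returns (HOST . :rejected) when the handshake or
certificate verification fails, otherwise (HOST . WARNINGS) where WARNINGS
is the `:warnings' list from `gnutls-peer-status' (nil means GnuTLS raised
no warning about the peer)."
  (let ((proc (ignore-errors
                ;; With `gnutls-verify-error' set to t a verification
                ;; failure signals `gnutls-error', which `ignore-errors'
                ;; turns into nil.  nsm.el also runs here and may drop
                ;; the process itself, which is reported the same way.
                (open-network-stream "tls-probe" nil host (or port 443)
                                     :type 'tls))))
    (if (not (and proc (process-live-p proc)))
        (cons host :rejected)
      (unwind-protect
          (cons host (plist-get (gnutls-peer-status proc) :warnings))
        (delete-process proc)))))

;; Constructed host list: two controls (assumed good and assumed expired)
;; followed by the three hosts from the message.  Each entry in the result
;; is either (HOST . :rejected) or (HOST . WARNINGS).
(mapcar #'my/tls-probe
        '("badssl.com"
          "expired.badssl.com"
          "revoked.badssl.com"
          "pinning-test.badssl.com"
          "invalid-expected-sct.badssl.com"))
```

The probe deliberately goes through `open-network-stream` rather than `url-retrieve-synchronously`, so the result reflects only the TLS layer (GnuTLS verification plus nsm.el) and not anything url.el does afterwards; a host that comes back as `(HOST)` with an empty warning list was accepted with no complaint at all, which is the case the message is asking about for revocation, pinning and SCT checks.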


