|
| From: | Paul Eggert |
| Subject: | Re: A couple of questions and concerns about Emacs network security |
| Date: | Fri, 22 Jun 2018 15:43:35 -0700 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 |
On 06/22/2018 03:00 PM, Jimmy Yuen Ho Wong wrote:
1. Can we update the default network security settings?
Yes, I would think so, in the master branch. As you say, the current defaults are inappropriate for today's users.
2. Now that `starttls.el` and `tls.el` are obsolete, and GnuTLS doesn't
seem to be doing a very good job, can we link to something better
maintained, such as OpenSSL/LibreSSL/BoringSSL/NSS?
I would think the answer to that could be "yes" too. Despite its name, GnuTLS is no longer GNU code, and we're under no obligation to promote it. However, this would take some work. We'd surely want the option to link to either GnuTLS or OpenSSL/etc.
there's this thing call `nsm.el` seemingly doing redundant checks if your TLS settings are reasonable, what's the history of it and why is it not obsolete when `tls.el` and `starttls.el` are?
Lars is the person to ask about that. I'll CC: him.
| [Prev in Thread] | Current Thread | [Next in Thread] |