[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A couple of questions and concerns about Emacs network security
From: |
Jimmy Yuen Ho Wong |
Subject: |
Re: A couple of questions and concerns about Emacs network security |
Date: |
Sun, 24 Jun 2018 18:10:13 +0100 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 |
I have just been looking at how to add OCSP as well, I noticed
`gnutls-boot` already accepts `:crlfiles`, I have a `gnutls.el` patch
that'll supply it to `gnutls-boot-parameters`. I'm testing it now, but
I'm haven't a bit of trouble generating a CRL in PEM. Anyway, do you
think it's worth it as a quick win to include in either master to 26.2
if it works?
On 24/06/2018 17:57, Lars Ingebrigtsen wrote:
> Eli Zaretskii <address@hidden> writes:
>
>> When the changes are pushed to master, we could look at them and
>> consider whether they (or some of their parts) are safe enough for
>> emacs-26.
> Yup.
>
> I'm going through the current recommendations for TLS security, and most
> of them are straightforward and require just some added NSM checks.
> However, the check for intermediary sha1 certificates checks requires a
> C-level change: gnutls.c doesn't expose to Lisp the certificate chain,
> so I'll have to add that, too.
>
> It's not a complicated addition, but it's C level, so you'll have to
> decide whether something that has the potential for crashing Emacs is
> worth the risk for Emacs 26.2. But I guess we'll see once I've
> implemented this (hopefully next week).
>
- Re: A couple of questions and concerns about Emacs network security, (continued)
- Re: A couple of questions and concerns about Emacs network security, Noam Postavsky, 2018/06/22
- Re: A couple of questions and concerns about Emacs network security, Noam Postavsky, 2018/06/23
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Noam Postavsky, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security,
Jimmy Yuen Ho Wong <=
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Van L, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/06/24
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/06/25
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/06/25
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/06/25