emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security

From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Thu, 05 Jul 2018 16:49:30 +0300 
> Date: Thu, 5 Jul 2018 09:33:46 -0400
> From: "Perry E. Metzger" <address@hidden>
> Cc: Paul Eggert <address@hidden>, Jimmy Yuen Ho Wong <address@hidden>,
>       address@hidden
> 
> Pinning is what is done by sites like gmail to prevent third world
> dictatorships from using stolen certificate credentials to spy on
> their citizens. People who have been victims of this have had their
> email read, been arrested by state security forces for dissent, and
> have been tortured to death for lack of certificate pinning working
> in their browsers.
> 
> This is a matter of life and death for many people.
> 
> > do this via ELPA, I think.  Whether it's worth doing is another
> > issue; I think the jury is still out on that one...
> 
> Do you think it's worth keeping people from quite literally being
> tortured to death?
> 
> For most of the secure HTTP stuff we've been discussing, I would far
> rather be inconvenienced here and there than know my slight extra
> convenience was being paid for in human blood.

It isn't the Emacs way to second-guess our users' needs, definitely
not to decide for them what is and what isn't a matter of life and
death for them.  We provide options with some reasonable defaults, and
then let users make informed decisions which defaults are not good
enough for them.

It is IMO unreasonable to make our defaults match what happens in
dictatorships that you describe, because that would unnecessarily
inconvenience the majority of the users.  Let's not follow the bad
example of the TSA (whose rationale is, unsurprisingly, also matters
of life and death).
reply via email to
[Prev in Thread] Current Thread [Next in Thread]