[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security

From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Thu, 05 Jul 2018 21:58:42 +0300

> Date: Thu, 5 Jul 2018 11:33:20 -0400
> From: "Perry E. Metzger" <address@hidden>
> Cc: Noam Postavsky <address@hidden>, address@hidden, address@hidden,
>  address@hidden, address@hidden
> > > Can we bump gnutls-min-prime-bits to 1024 on the release branch?  
> > 
> > No, I don't think so.  Changing these settings needs a prolonged
> > testing period to uncover any subtle problems with non-conforming
> > servers that users must be able to access, and such testing is
> > unlikely to happen on emacs-26 before the next bug-fix release.
> All modern browsers set 1024 as a minimum. There is no need for Emacs
> to worry about this as it has been years since you could connect to a
> web site with less than 1024 bits security. It should be changed as
> soon as possible. Even 1024 bits is too small, but this is at least
> better than the current situation.

Emacs is not a Web browser, it uses the network for purposes other
than browsing Web pages, so what browsers do is less relevant than
what you seem to imply.

Anyway, it seems you completely miss my point: I didn't say that we
shouldn't increase the number of bits, just that we shouldn't do that
on the release branch, unless we are willing to delay Emacs 26.2

reply via email to

[Prev in Thread] Current Thread [Next in Thread]