[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security

From: Robert Pluim
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 07 Jul 2018 11:36:24 +0200

Jimmy Yuen Ho Wong <address@hidden> writes:

> I disagree that prompting for pretty much every TLS connection is a
> good idea. In security circles these days, there's such a thing known
> as "security fatigue". Overly troublesome security measure that don't
> take human psychology into account will lead to numbness. A side
> effect of that is users will simply start ignoring security warnings
> like they skip reading iTunes's EULA. This is an adverse unintended
> consequence that achieves the opposite of what we want to do here.

For normal usage, we should absolutely not prompt too much [1]. Iʼm not
recommending 'paranoid' to anyone, but in my specific circumstances
itʼs the right thing to do.

>>>> `gnutls-min-prime-bits` should be `nil` on Emacs 26.2
>> That might be going a bit far, but I can certainly do that locally and
>> see what happens.
> As I've said, setting `gnutls-min-prime-bits` to nil simply means
> GnuTLS will negotiate the right number of DH bits on the user's
> behalf, starting from 1008 bits since 3.3.0.
>> Documentation is good. Iʼll see if I can find some time to work on
>> that.
> Thanks for helping out :)

Is your work on a git branch somewhere?



[1]  If you fix the double-prompting caused by google's certificate
     load-balancing, that would reduce it a lot for me :-)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]