[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security

From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 07 Jul 2018 19:08:04 +0300

> Date: Sat, 7 Jul 2018 11:25:44 -0400
> From: "Perry E. Metzger" <address@hidden>
> Cc: address@hidden, address@hidden, address@hidden, address@hidden,
>  address@hidden
> > I don't know where you took that number.
> Maybe you should learn about the topics you have such strong opinions
> on before expressing the strong opinions. If you were actually in the
> field or even reading the literature, you wouldn't need to ask such
> things.

Maybe you should learn to talk with people who are not specialists,
and maybe you should learn to recognize "strong opinions" when you see

> > > As for your own configuration, you're free to change the defaults
> > > any way you like, so why are you arguing anyway?  
> > 
> > Because I think there are many others like me.
> So the others like you can change the defaults any way you like. WHAT

Irrelevant.  We are talking about the defaults.

> > I meant your opinions about how Emacs should design its
> > security-related UI and treat its users.  They are definitely not
> > facts,
> So far, I hear a number of people saying "the reasonable thing is to
> use the same default behavior that pretty much everything else uses",
> and I hear Eli saying "no, no, I want to make things more complicated
> because I claim that somehow there will be great inconvenience if
> the software rejects obviously forged certificates or obviously
> insecure cipher suites by default".

So maybe you should learn to listen more carefully.  And read, for
that matter.

> What exactly is the inconvenience you anticipate if an Emacs IMAP
> user connecting to google rejects a certificate that isn't vouched
> for by the CT mechanism? Can you explain _precisely_ why you insist
> that it is necessary to have different defaults than everyone else
> uses?

I already did.  PLEASE RE-READ WHAT I WROTE, and not necessarily to
in response to your posts.

> > > And this sets you apart from people who have worked in the field
> > > for decades, and from people who have done objective studies in
> > > the field.  
> > 
> > Studies on Emacs users?
> Emacs users are for the most part human beings, yes.

They are not a representative sample of computer users, however.  So
what by and large is correct for the bulk of the users is not
necessarily correct for Emacs users.

> > You are completely missing the point.  No one claimed we should
> > expect users to judge certificates.
> Then what the hell are you arguing for?


> > I see these issues every day, using mostly
> > Firefox and IE.
> Why are you using IE?

Because I sometimes have to.  And there's nothing special about it, it
actually sometimes works better than Firefox.

> > Please read Jimmy's comments on this, and respond to them if you
> > want.
> Jimmy is entirely reasonable here. I'm not arguing with him because
> he's not saying anything terribly wrong.

Then you don't have any argument with me, either, because I don't have
any argument with Jimmy.

(And please leave out ad-hominem, your unconcealed disdain makes this
a very unpleasant discussion.)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]