[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A couple of questions and concerns about Emacs network security
From: |
Jimmy Yuen Ho Wong |
Subject: |
Re: A couple of questions and concerns about Emacs network security |
Date: |
Sun, 8 Jul 2018 20:22:54 +0100 |
> > so I think it's better just to not say anything. Or just "what nil
> > means depends on the GnuTLS version".
>
> Problem is, I cannot find this number in the GnuTLS documentation,
> either. Maybe I'm blind; but if not, it means our users have no
> reasonable way of knowing how many bits they are using, and that is
> not good, IMO.
>
It's not in the documentation, it's in the src/gnutls.c line
1834-1835. It's also in the docstring of `gnutls-min-prime-bits`.
> > Users aren't supposed to care about that variable, anyway, since the NSM
> > warns about less than 1024 bits...
>
> Yes, but what if GnuTLS bumps the default to more than that? And even
> if not, I think I might like to know how far below 1024 I'm going to
> be if I allow the connection.
See my other email for a way out of this. Once you've caught
GNUTLS_E_DH_PRIME_UNACCEPTABLE, you can still call
gnutls_dh_get_prime_bits to get the prime bits the server sends back
out. I think this is already done, we just need to catch
GNUTLS_E_DH_PRIME_UNACCEPTABLE so gnutls_verify_boot doesn't
immediately return.
- Re: A couple of questions and concerns about Emacs network security, (continued)
- Re: A couple of questions and concerns about Emacs network security, Richard Stallman, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security,
Jimmy Yuen Ho Wong <=
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/10
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/07/08