emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Jimmy Yuen Ho Wong
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 8 Jul 2018 20:28:49 +0100

On Sun, Jul 8, 2018 at 7:42 PM Lars Ingebrigtsen <address@hidden> wrote:
>
> Jimmy Yuen Ho Wong <address@hidden> writes:
>
> > I'll reply to the problem with setting gnutls-algorithm-priority to
> > LEGACY in another email.
>
> Well, I'm not really advocating that.  It's a bit too much hubris.  :-)
> Nobody's perfect, and the default NORMAL gnutls-algorithm-priority is
> fine by me, even if it means a less-than-perfect UI and user experience.
>

But you could advocate that, I don't object to that :). You can just
copy this bit of code[1] and do a few adjustments in the checks to
avoid too much nagging if the user specifically listed he wants RC4 to
be enabled.

[1] https://www.gnutls.org/manual/gnutls.html#Listing-the-ciphersuites-in-a-priority-string

> > That is correct, for consistency's sake. Since we've decided on a
> > default NORMAL:%DUMB_FW priority string, which means let the GnuTLS
> > version you've built Emacs with to decide what cipher suites to allow,
> > it follows that we should also default `gnutls-min-prime-bits` to nil,
> > which also lets GnuTLS decide.
>
> We could, but we know that we handle that bit well on our own in the
> NSM, so I don't see the point.
>

As I said, it's a UI issue. You are confusing people when what they
specify does not match expectations. When I specify a lower bound, that's
me saying I don't want NSM to nag me about it.


