[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network security manager

From: Stefan Monnier
Subject: Re: Network security manager
Date: Mon, 17 Nov 2014 12:31:35 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)

TZ> I don't know how complicated it will be internally, but I don't think it
TZ> will endanger any existing functionality (except TLS connections, of
TZ> course).  The only reason for it in 24.x is to add reasonable certificate
TZ> handling so we can turn on certificate verification by default.  I don't
TZ> think it can be done otherwise without seriously damaging the user
TZ> experience.

The issue is that if we have a 24.5 release, I want a very short pretest
phase, so such changes need to be "obviously safe".

One way to do that can be to make the changes conditional on some config
var, which stays disabled by default.  So random users will use the old
code and those who care about security can enable it at the risk of
helping us fix bugs.

> BTW, I proposed using emacs-24 3 weeks ago in the thread "removing SSLv3
> support by default from the Emacs GnuTLS integration (was: Bug#766395:
> emacs/gnus: Uses s_client to for SSL.)" you can find here
> https://lists.gnu.org/archive/html/emacs-devel/2014-10/msg00936.html

I don't know the underlying issues well enough.  But it doesn't sound
"obviously safe" either.  I'd rather just follow gnutls's own defaults.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]