
Re: Network security manager

From: Ted Zlatanov
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 10:10:46 -0500
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

On Tue, 18 Nov 2014 11:12:32 +0100 Toke Høiland-Jørgensen <address@hidden> 

TH> Incidentally, does Emacs check the cipher mode of the connection
TH> itself (I'm assuming this warning pertains to the certificate
TH> itself, not the connection encryption).

No, after establishing the connection we don't check its properties.  In
many cases, depending on the priority string, it could be very different
from what we expected IIUC, so this is neither simple nor very useful.

TH> I have (setq gnutls-algorithm-priority "PFS") in my .emacs, but
TH> AFAIK that is not the default (and it does fail in some cases). For
TH> instance, in light of POODLE, turning off SSLv3 completely would
TH> probably be a good idea, at least as a default?

This was discussed recently here and in the GnuTLS mailing list.  With
the default settings in Emacs, it's not vulnerable to POODLE.

TH> Finally, doing DANE verification (and trusting that more than the CA)
TH> would be nice; but not sure how viable it is presently.

Can you clarify?  What are the requirements and benefits in your opinion?

Also, would you like to integrate your TOFU patch with the new nsm branch?

