[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deprecate TLS1.0 support in emacs

From: Ted Zlatanov
Subject: Re: Deprecate TLS1.0 support in emacs
Date: Fri, 04 Aug 2017 09:09:49 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)

On Thu, 03 Aug 2017 23:17:13 -0400 Stefan Monnier <address@hidden> wrote: 

>> IMHO, this replacement is OK only if the message has buttons to take the
>> appropriate actions (including silencing warnings as needed).  Otherwise
>> it's noise users will filter out.

SM> I generally agree on the principle, but at the same time I wonder what
SM> actions would make sense: there are basically 2 applicable actions, one
SM> of which (contact the webmaster to suggest upgrading to a better
SM> protocol) is difficult to automate.

I would suggest these possible actions:

* don't warn me about this site anymore and proceed (whitelist)
* don't warn me about TLS 1.0 issues for (dropdown: 1 day, 3 days, 1 month)
* don't warn me about this site for (dropdown: 1 day, 3 days, 1 month)
* proceed this once
* blacklist site as long as it uses TLS1.0; abort connection; never notify
* blacklist TLS1.0 globally; abort all such connections; never notify

SM> As for the other action (silence the warning) I wonder if it's really
SM> needed: if the mechanism is discreet enough, it's just as easy for the
SM> user to "filter it out as noise".

Sorry, I don't understand what you mean.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]