Re: A couple of questions and concerns about Emacs network security

From: Lars Ingebrigtsen
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 23 Jun 2018 13:32:26 +0200

Jimmy Yuen Ho Wong <address@hidden> writes:

> There are more problems with NSM than just these tests. One other
> thing I can think of is, if I've set `gnutls-min-prime-bits` to 2048,
> and presented with a cert with 1536 bits, NSM does nothing for me.

It's not supposed to -- the connection is stopped at the gnutls level.
Which is why that variable defaults to 256, so that the NSM can handle
the problem.

> What I'm getting at is, it's all well and fine if you can fix these
> issues in LISP, but if you are going to implement a real network
> security layer anyway, might as well switch to an underlying library
> that'll do all these for you, both from a performance perspective, and
> the advantage of not having an emacs-speed cycle for security related
> issues.

No, these are user interface issues, and changing libraries does nothing
to help with that.

But instead of me re-arguing that case, you can just read


