Re: A couple of questions and concerns about Emacs network security

[Lars Ingebrigtsen]

Jimmy Yuen Ho Wong <address@hidden> writes:

>  It's not supposed to -- the connection is stopped at the gnutls level.
>  Which is why that variable defaults to 256, so that the NSM can handle
>  the problem.
>
> How about moving the min-prime-bits knob over to NSM so it can warn
> instead of silently bypassing it by fiddling options directly related
> to GnuTLS?

The NSM does warn about this.  Unless you've fiddled with the options,
which you've chosen to do yourself.

The low-level variables doc strings should mention that you're not
supposed to fiddle with them unless you have very specific needs and
point you to the NSM instead.

> I also notice there's a `nsm-noninteractive` var, it's only used in 1
> place so far. Can we defcustom it and sprinkle a check for this var
> strategically such that people who are using Emacs in a script can
> still do it without fiddling with the GnuTLS options? In fact, what if
> we merged all the NSM and GnuTLS options into NSM so various modules
> can rely on it as a central point of control?

Well...  The low-level variables (which probably shouldn't be
defcustoms) are useful in some scenarios.  If you're writing an
application that needs very specific connection parameters, you have to
be able to pass them in to the library.  let-binding them provides that
flexibility.

I don't think `nsm-noninteractive' should be a defcustom, but perhaps
there should be a `quit' value to `network-security-level' that just
aborts on any network strangeness without querying the user.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no