[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security

From: Jimmy Yuen Ho Wong
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 25 Jun 2018 17:29:32 +0100

My CRL patch should work on Emacs 26.x as well. Sorry I don't know how you typically submit patches, so I just replied in the email chain. Let me know if that's not sufficient.

On Mon, Jun 25, 2018 at 5:06 PM, Eli Zaretskii <address@hidden> wrote:
> From: Lars Ingebrigtsen <address@hidden>
> Cc: address@hiddenaddress@hidden,  Noam Postavsky <address@hidden>,  address@hidden
> Date: Sun, 24 Jun 2018 22:58:28 +0200
> Lars Ingebrigtsen <address@hidden> writes:
> > I had meant to implement warnings for this stuff on the default `medium'
> > level instead of letting it remain on the `high' level, but I simply
> > forgot.  I'll be changing that on master hopefully sometime next week.
> Or today!
> I've now pushed the changes to master, so let me know if I accidentally
> broke all Emacs network traffic.  It seems to be working OK for me,
> though...

Thanks for working on this.

Allow me a few comments, with an eye towards getting at least some of
this to the emacs-26 branch:

 . First, the NEWS entry should tell users how to get the previous
   (less secure) behavior if they want.  I think this also calls for a
   better documentation of the elements that can appear in

 . The change to gnutls-peer-status is not reflected in its doc string
   and is not called out in NEWS.

 . Do I understand correctly that most of the changes, including those
   in gnutls.c, are so that intermediary certificates could be
   verified?  If so, would it make sense to omit that for emacs-26,
   and only beef up the medium level of security in NSM with the rest
   of the checks?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]