[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A couple of questions and concerns about Emacs network security
From: |
Eli Zaretskii |
Subject: |
Re: A couple of questions and concerns about Emacs network security |
Date: |
Sat, 07 Jul 2018 10:55:02 +0300 |
> From: Jimmy Yuen Ho Wong <address@hidden>
> Date: Fri, 6 Jul 2018 22:24:51 +0100
> Cc: address@hidden, Lars Ingebrigtsen <address@hidden>, Paul Eggert
> <address@hidden>,
> Emacs-Devel devel <address@hidden>, "Perry E. Metzger"
> <address@hidden>,
> Robert Pluim <address@hidden>
>
> > Still, I'm asking whether it is appropriate to check only the
> > certificate. Aren't there any other checks that would fit 'low'?
> >
>
> Been waiting for you to say that :)
>
> In
> https://github.com/wyuenho/emacs/commit/35d720eceef5c9b1dc0553b7d2235bbb079b0036
> , I've used Snowden as an epoch, and separated the checks known to be
> necessary before Snowden, the response post-Snowden, and preparations
> standard bodies and browser vendors do to prepare for TLS 1.3. The
> count is now 10 lows, 13 mediums (10 low + 3), and 17 highs (13
> mediums + 4).
Thanks, I think this is a good change.
> Alright... I cave. I see what you want now, you want an escape hatch
> for implicitly trusted network hosts. I'll make you a deal, if you can
> give me cross-platform C DEFUNs of getifaddr(3), getaddrinfo(3) and
> getnameinfo(3), I'll give you a `nsm-trust-local-network` boolean. If
> `nsm-trust-local-network` is non-nil, or a function that returns
> non-nil when `nsm-trust-local-network` is read, connecting to such
> hosts via TLS will be whitelisted automatically in memory. The
> docstring should say use this at your own risk. This should smooth out
> your home network situations, and like-wise for corporate intranets.
Do network-interface-list and/or network-interface-info fit the bill?
If not, what's missing?
Thanks for the other points, I will have to dwell on them before I
make up my mind.
> Oh ye faithful disciple of the religion of Murphy's Law, may your hair
> show youthful color again by changing Emacs' release process to a
> Continuous Integration and Delivery process.
Hear, hear!
- Re: A couple of questions and concerns about Emacs network security, (continued)
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Perry E. Metzger, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Perry E. Metzger, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Perry E. Metzger, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security,
Eli Zaretskii <=
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Paul Eggert, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/07/08
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/08