emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 07 Jul 2018 10:55:02 +0300

> From: Jimmy Yuen Ho Wong <address@hidden>
> Date: Fri, 6 Jul 2018 22:24:51 +0100
> Cc: address@hidden, Lars Ingebrigtsen <address@hidden>, Paul Eggert <address@hidden>,
>       Emacs-Devel devel <address@hidden>, "Perry E. Metzger" <address@hidden>,
>       Robert Pluim <address@hidden>
> 
> > Still, I'm asking whether it is appropriate to check only the
> > certificate.  Aren't there any other checks that would fit 'low'?
> >
> 
> Been waiting for you to say that :)
> 
> In 
> https://github.com/wyuenho/emacs/commit/35d720eceef5c9b1dc0553b7d2235bbb079b0036
> , I've used Snowden as an epoch, and separated the checks known to be
> necessary before Snowden, the response post-Snowden, and preparations
> standard bodies and browser vendors do to prepare for TLS 1.3. The
> count is now 10 lows, 13 mediums (10 low + 3), and 17 highs (13
> mediums + 4).

Thanks, I think this is a good change.

> Alright... I cave. I see what you want now, you want an escape hatch
> for implicitly trusted network hosts. I'll make you a deal, if you can
> give me cross-platform C DEFUNs of getifaddr(3), getaddrinfo(3) and
> getnameinfo(3), I'll give you a `nsm-trust-local-network` boolean. If
> `nsm-trust-local-network` is non-nil, or a function that returns
> non-nil when `nsm-trust-local-network` is read, connecting to such
> hosts via TLS will be whitelisted automatically in memory. The
> docstring should say use this at your own risk. This should smooth out
> your home network situations, and likewise for corporate intranets.

Do network-interface-list and/or network-interface-info fit the bill?
If not, what's missing?

Thanks for the other points, I will have to dwell on them before I
make up my mind.

> Oh ye faithful disciple of the religion of Murphy's Law, may your hair
> show youthful color again by changing Emacs' release process to a
> Continuous Integration and Delivery process.

Hear, hear!



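The subnet test that a `nsm-trust-local-network` option would need, sketched with the `network-interface-list` and `network-interface-info` functions asked about in the message above. This is an added example, not code from the thread or from Emacs' nsm.el; the `my/` names and the sample interface data are assumptions, and only IPv4 address vectors are handled.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added example: hypothetical `my/' helpers, not part of Emacs or nsm.el.
(require 'cl-lib)

(defun my/ipv4-octets (addr)
  "Return the four octets of ADDR as a list, or nil if ADDR is not IPv4.
ADDR is a vector in Emacs' internal format: four octets, optionally
followed by a port number."
  (and (vectorp addr)
       (memq (length addr) '(4 5))
       (cl-subseq (append addr nil) 0 4)))

(defun my/ipv4-same-subnet-p (host ifaddr netmask)
  "Return non-nil if HOST and IFADDR agree on every bit set in NETMASK."
  (let ((h (my/ipv4-octets host))
        (i (my/ipv4-octets ifaddr))
        (m (my/ipv4-octets netmask)))
    (and h i m
         ;; An all-zero mask would match every address, so reject it.
         (cl-some #'cl-plusp m)
         (cl-every (lambda (ho io mo) (= (logand ho mo) (logand io mo)))
                   h i m))))

(defun my/host-on-local-network-p (host &optional interfaces)
  "Return non-nil if IPv4 vector HOST is on a directly attached subnet.
INTERFACES is a list of (NAME ADDR BCAST NETMASK HWADDR FLAGS) entries.
When nil, it is built from the live interfaces."
  (let ((ifs (or interfaces
                 (mapcar (lambda (entry)
                           (cons (car entry)
                                 (network-interface-info (car entry))))
                         (network-interface-list)))))
    (cl-some (lambda (e) (my/ipv4-same-subnet-p host (nth 1 e) (nth 3 e)))
             ifs)))

;; Constructed sample data in the shape (NAME . (network-interface-info NAME)).
(defconst my/sample-interfaces
  '(("lo"   [127 0 0 1 0]    [127 255 255 255 0] [255 0 0 0 0]     nil (up))
    ("eth0" [192 168 1 20 0] [192 168 1 255 0]   [255 255 255 0 0] nil (up))))

;; A peer on eth0's /24 matches; a public address and an IPv6 vector do not.
(cl-assert (my/host-on-local-network-p [192 168 1 77 443] my/sample-interfaces))
(cl-assert (not (my/host-on-local-network-p [203 0 113 10 443] my/sample-interfaces)))
(cl-assert (not (my/host-on-local-network-p [8193 3512 0 0 0 0 0 1 443] my/sample-interfaces)))
```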