emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Robert Pluim
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 07 Jul 2018 11:36:24 +0200

Jimmy Yuen Ho Wong <address@hidden> writes:

> I disagree that prompting for pretty much every TLS connection is a
> good idea. In security circles these days, there's such a thing known
> as "security fatigue". Overly troublesome security measures that don't
> take human psychology into account will lead to numbness. A side
> effect of that is users will simply start ignoring security warnings
> like they skip reading iTunes's EULA. This is an adverse unintended
> consequence that achieves the opposite of what we want to do here.

For normal usage, we should absolutely not prompt too much [1]. Iʼm not
recommending 'paranoid' to anyone, but in my specific circumstances
itʼs the right thing to do.

>>>> `gnutls-min-prime-bits` should be `nil` on Emacs 26.2
>>
>> That might be going a bit far, but I can certainly do that locally and
>> see what happens.
>>
>
> As I've said, setting `gnutls-min-prime-bits` to nil simply means
> GnuTLS will negotiate the right number of DH bits on the user's
> behalf, starting from 1008 bits since 3.3.0.
>
>>
>> Documentation is good. Iʼll see if I can find some time to work on
>> that.
>>
>
> Thanks for helping out :)

Is your work on a git branch somewhere?

Regards

Robert

Footnotes:
[1]  If you fix the double-prompting caused by Google's certificate
     load-balancing, that would reduce it a lot for me :-)



