[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A couple of questions and concerns about Emacs network security
From: |
Robert Pluim |
Subject: |
Re: A couple of questions and concerns about Emacs network security |
Date: |
Mon, 09 Jul 2018 15:09:29 +0200 |
Jimmy Yuen Ho Wong <address@hidden> writes:
>> Is your work on a git branch somewhere?
>
> It's on Github: https://github.com/wyuenho/emacs/tree/additional-nsm-checks
>
> Diff to master:
> https://github.com/emacs-mirror/emacs/compare/master...wyuenho:additional-nsm-checks
>
> You can just fork my fork and send over a PR.
>
> There's still a couple of things I need to do:
>
> 1. Implement `nsm-trust-local-network`
> 2. Remove that change in src/gnutls.h not needed for bug#31946 (this
> is from my OCSP stash still sitting on my machine)
It needs either removing or making it work with earlier versions of GnuTLS:
gnutls.c: In function ‘Fgnutls_peer_status’:
gnutls.c:1353:22: error: ‘GNUTLS_CERT_MISSING_OCSP_STATUS’ undeclared (first
use in this function)
I have:
pkg-config --modversion gnutls
3.4.10
I think the OCSP stuff is 3.6.something.
> 3. Write some ert tests, but this should affect the doc effort
> 4. I might throw in a few more checks to detech DHE-DSS key exchange
> and DSA signature. IETF TLSWG has removed it from TLS 1.3, so do
> browsers, but I haven't been able to find much information about them
> other than they are not used. There's a claim made that DSS key
> exchange is just as bad as static RSA, but DHE-DSS is not that same as
> DSS...
I see youʼre checking for TLS < 1.1. TLS 1.1 has its fair share of
reported issues as well, perhaps we should check for < 1.2 (or we
could put that on 'high).
Regards
Robert
- Re: A couple of questions and concerns about Emacs network security, (continued)
- Re: A couple of questions and concerns about Emacs network security, Ted Zlatanov, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/10
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/10
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/10
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/10
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/13
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/14
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/14
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/14
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/07
- Re: A couple of questions and concerns about Emacs network security,
Robert Pluim <=
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Lars Ingebrigtsen, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Perry E. Metzger, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Perry E. Metzger, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Perry E. Metzger, 2018/07/09
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/06