Re: A couple of questions and concerns about Emacs network security

[Jimmy Yuen Ho Wong]

On Mon, Jul 9, 2018 at 5:58 PM Eli Zaretskii <address@hidden> wrote:
>
> > From: Jimmy Yuen Ho Wong <address@hidden>
> > Date: Sun, 8 Jul 2018 20:22:54 +0100
> > Cc: Lars Ingebrigtsen <address@hidden>, Emacs-Devel devel <address@hidden>
> > > Problem is, I cannot find this number in the GnuTLS documentation,
> > > either.  Maybe I'm blind; but if not, it means our users have no
> > > reasonable way of knowing how many bits they are using, and that is
> > > not good, IMO.
> >
> > It's not in the documentation, it's in the src/gnutls.c line
> > 1834-1835. It's also in the docstring of `gnutls-min-prime-bits`.
>
> Are you talking about the master branch of the Emacs repository?  If
> so, I must be blind, because I don't see 1008 anywhere around those
> places.
>

No I was merely talking about what (setq gnutls-algorithm-priority nil) means.

https://github.com/emacs-mirror/emacs/blob/master/src/gnutls.c#L1835

The default is here:

https://github.com/emacs-mirror/emacs/blob/master/src/gnutls.c#L1606

> > > > Users aren't supposed to care about that variable, anyway, since the NSM
> > > > warns about less than 1024 bits...
> > >
> > > Yes, but what if GnuTLS bumps the default to more than that?  And even
> > > if not, I think I might like to know how far below 1024 I'm going to
> > > be if I allow the connection.
> >
> > See my other email for a way out of this. Once you've caught
> > GNUTLS_E_DH_PRIME_UNACCEPTABLE, you can still call
> > gnutls_dh_get_prime_bits to get the prime bits the server sends back
> > out. I think this is already done, we just need to catch
> > GNUTLS_E_DH_PRIME_UNACCEPTABLE so gnutls_verify_boot doesn't
> > immediately return.
>
> That's a separate issue, regarding your argument with Lars whether to
> let NSM handle the too low bits or leave it to GnuTLS.  The issue I
> raised was how can users know what is the GnuTLS default.  Because the
> doc string of gnutls-min-prime-bits says:
>
>   (defcustom gnutls-min-prime-bits 256
>     ;; Several mail servers send fewer bits than the GnuTLS default.
>     ;; Currently, 256 appears to be a reasonable choice (Bug#11267).
>     "Minimum number of prime bits accepted by GnuTLS for key exchange.
>   During a Diffie-Hellman handshake, if the server sends a prime
>   number with fewer than this number of bits, the handshake is
>   rejected.  \(The smaller the prime number, the less secure the
>   key exchange is against man-in-the-middle attacks.)
>
>   A value of nil says to use the default GnuTLS value."
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Which of course immediately begs the question "what is my GnuTLS's
> default value?"