[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A couple of questions and concerns about Emacs network security
From: |
Perry E. Metzger |
Subject: |
Re: A couple of questions and concerns about Emacs network security |
Date: |
Thu, 5 Jul 2018 11:58:26 -0400 |
On Sat, 23 Jun 2018 09:45:57 +0300 Eli Zaretskii <address@hidden> wrote:
> > From: Paul Eggert <address@hidden>
> > Date: Fri, 22 Jun 2018 15:43:35 -0700
> > Cc: Lars Magne Ingebrigtsen <address@hidden>
> >
> > > 2. Now that `starttls.el` and `tls.el` are obsolete, and GnuTLS
> > > doesn't seem to be doing a very good job, can we link to
> > > something better maintained, such as
> > > OpenSSL/LibreSSL/BoringSSL/NSS?
> >
> > I would think the answer to that could be "yes" too. Despite its
> > name, GnuTLS is no longer GNU code, and we're under no obligation
> > to promote it. However, this would take some work. We'd surely
> > want the option to link to either GnuTLS or OpenSSL/etc.
>
> GnuTLS may not be a GNU project in the formal sense, but nothing has
> changed in its development methods or in its spirit since it was.
> OpenSSL is even less of a GNU project, and AFAIR includes components
> that are not even Free Software.
So far as I can tell and am aware, OpenSSL is fully free software.
There are no unfree components.
> Moreover, having 2 different
> libraries for the same task in Emacs will be a maintenance burden we
> are better without,
The security of OpenSSL is, so far as I can tell, more reliably
managed. There's a large team that worries about it, and the security
of cryptographic libraries is a difficult problem. Everything from
timing attacks to very subtle mistakes in nonce generation has to go
perfectly.
Perry
--
Perry E. Metzger address@hidden
Re: A couple of questions and concerns about Emacs network security,
Perry E. Metzger <=
- Re: A couple of questions and concerns about Emacs network security, Paul Eggert, 2018/07/05
- Re: A couple of questions and concerns about Emacs network security, Richard Stallman, 2018/07/05
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Robert Pluim, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Jimmy Yuen Ho Wong, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Perry E. Metzger, 2018/07/06
- Re: A couple of questions and concerns about Emacs network security, Eli Zaretskii, 2018/07/07