Re: A couple of questions and concerns about Emacs network security

[Eli Zaretskii]

> From: Paul Eggert <address@hidden>
> Date: Thu, 5 Jul 2018 12:26:47 -0700
> Cc: address@hidden, address@hidden, address@hidden, address@hidden
> 
> Eli Zaretskii wrote:
> > Emacs is not a Web browser, we have different priorities.  So the
> > solutions need not be the same.
> 
> Quite true. However, when Emacs is used to browse the web there's a powerful 
> argument to model its security practices on those of other web browsers.

I agree, but even there we should not blindly copy every technique the
browsers use.

More importantly, Web browsing is a niche application in Emacs, while
NSM is about all kinds of network connections, not just those created
on behalf of EWW.

> A lot of practical experience has gone into the Firefox and Chrome
> security models, and it would be much, much more efficient for us
> Emacs developers to reuse those wheels instead of reinventing them.

We reuse most of them anyway, because we use the same security-related
libraries.  And finally, I think the suggestions were use what then
browsers do and then add to that what they don't do.  This means we
don't follow the browsers, but instead make our own decisions what
should and shouldn't be done, so in that case what Firefox etc. do is
less important.