emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A couple of questions and concerns about Emacs network security

From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Fri, 06 Jul 2018 12:01:20 +0300 
Ping!

> Date: Mon, 25 Jun 2018 19:06:51 +0300
> From: Eli Zaretskii <address@hidden>
> Cc: address@hidden, address@hidden, address@hidden,
>       address@hidden
> 
> Allow me a few comments, with an eye towards getting at least some of
> this to the emacs-26 branch:
> 
>  . First, the NEWS entry should tell users how to get the previous
>    (less secure) behavior if they want.  I think this also calls for a
>    better documentation of the elements that can appear in
>    network-security-protocol-checks.
> 
>  . The change to gnutls-peer-status is not reflected in its doc string
>    and is not called out in NEWS.
> 
>  . Do I understand correctly that most of the changes, including those
>    in gnutls.c, are so that intermediary certificates could be
>    verified?  If so, would it make sense to omit that for emacs-26,
>    and only beef up the medium level of security in NSM with the rest
>    of the checks?
> 
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]