emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Lars Ingebrigtsen
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 08 Jul 2018 17:13:19 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Jimmy Yuen Ho Wong <address@hidden> writes:

> I still haven't heard of a "good reason" yet.

It's been stated in this thread that somebody uses it and finds it
useful, and I think that's sufficient.

>> But, yes, as Eli says, `paranoid' should perhaps do more for non-TLS
>> connections.  The question is "what", though, because there's no
>> fingerprint (beyond the host/port number) that we can use to verify
>> that a non-TLS connection is to a previously seen host.
>
> Exactly. NSM can only warn you if you are establishing a cleartext
> connection, nothing else can be done.

Well...  It could just do the host/port number thing and say "you've
never connected to this host before".  It's not much (considering how
easy it is to spoof DNS), but it's not nothing either.

> That's true, but there's still no reason to default
> `gnutls-min-prime-bits` to 256. If that's the default, presumably
> checking for DH prime bits > 1024 is a bug as NSM should let 256-bit
> DH prime go through.

No?  We let gnutls always establish the connection, no matter how sucky,
and then we ask the user about it.  That's the whole idea behind the
NSM.

And setting gnutls-min-prime-bits to 256 has no adverse effects, since
(contrary to what you've said several times in this thread), the TLS
connection will use as many prime bits that the server offers,
apparently.

> BTW, this behavior pretty much we can default `gnutls-min-prime-bits`
> to nil with no problem at all as we haven't seen any bug complaining
> about NSM checking for DH prime bits > 1024 being too strict.

I don't think we would get a bug report for that.  People deal with
"broken" web site TLS all the time, and there'll be an abundance of them
over the next years.  That's what the NSM is for, and that's not
something users will complain about.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
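As an added illustration (not code from this thread and not part of Emacs' own nsm.el), here is the "you've never connected to this host before" check Lars sketches for cleartext connections, written in Emacs Lisp. The `my-nsm-` names and the location of the state file are assumptions; the check knows only the host name and port, so, as the thread notes, a spoofed DNS answer for an already-seen name would pass it.

```elisp
;; Added example, hypothetical names; not from the original thread or nsm.el.
;; Persist (HOST . PORT) pairs that the user has already approved for
;; cleartext use and prompt before the first connection to a new pair.

(defvar my-nsm-seen-hosts-file
  (expand-file-name "nsm-seen-cleartext-hosts.el" user-emacs-directory)
  "File in which approved cleartext HOST:PORT pairs are stored (assumed path).")

(defun my-nsm--read-seen-hosts ()
  "Return the list of (HOST . PORT) pairs recorded so far, or nil."
  (when (file-exists-p my-nsm-seen-hosts-file)
    (with-temp-buffer
      (insert-file-contents my-nsm-seen-hosts-file)
      ;; A corrupt or empty file is treated as "nothing seen yet".
      (condition-case nil
          (read (current-buffer))
        (error nil)))))

(defun my-nsm--write-seen-hosts (hosts)
  "Write HOSTS, a list of (HOST . PORT), to `my-nsm-seen-hosts-file'."
  (with-temp-file my-nsm-seen-hosts-file
    (let ((print-length nil)
          (print-level nil))
      (prin1 hosts (current-buffer)))))

(defun my-nsm--host-key (host port)
  "Normalise HOST and PORT into the key used in the seen-hosts list."
  (cons (downcase host) port))

(defun my-nsm-first-contact-p (host port)
  "Return non-nil if HOST:PORT has never been approved for cleartext before."
  (not (member (my-nsm--host-key host port) (my-nsm--read-seen-hosts))))

(defun my-nsm-remember-host (host port)
  "Record HOST:PORT as approved so the next connection is not questioned."
  (let ((key (my-nsm--host-key host port))
        (seen (my-nsm--read-seen-hosts)))
    (unless (member key seen)
      (my-nsm--write-seen-hosts (cons key seen)))))

(defun my-nsm-confirm-cleartext (host port)
  "Ask before a cleartext connection to a never-seen HOST:PORT.
Return non-nil if the connection should proceed.  The pair is only
recorded after the user says yes, so a declined connection is asked
about again next time."
  (if (my-nsm-first-contact-p host port)
      (when (yes-or-no-p
             (format "You've never connected to %s:%d over cleartext before.  Continue? "
                     host port))
        (my-nsm-remember-host host port)
        t)
    t))

;; Usage (assumed call site): wrap the check around a plain connection.
;; (when (my-nsm-confirm-cleartext "mail.example.org" 110)
;;   (open-network-stream "pop" nil "mail.example.org" 110))
```

The state is an ordinary Lisp list read back with `read`, which is enough for a demonstration; a real implementation would live alongside the existing NSM settings and would also have to decide what "same host" means for IP literals versus names.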


