
Re: A couple of questions and concerns about Emacs network security


From: Lars Ingebrigtsen
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 08 Jul 2018 19:47:35 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Jimmy Yuen Ho Wong <address@hidden> writes:

> No we don't let GnuTLS always establish the connection. We don't set
> the priority string to the lowest level possible, i.e. "LEGACY". Are
> you suggesting you want to do that?

That's my preference, but others don't agree.  And it's basically a moot
point, since there are virtually no (legitimate real-world) connections
that fall between the nil and "LEGACY" settings of
`gnutls-algorithm-priority'.

> Setting `gnutls-min-prime-bits` to 256 as the standard value suggests
> to me that Emacs' network security level is so relaxed that a TLS
> connection with a DH prime 256-bits should go through, but in reality
> NSM still warns. This yet again contradicts the intention of the
> standard value. If the intention is to warn about prime-bit < 1024
> bits, `gnutls-min-prime-bits` should not be 256, otherwise NSM should
> not warn.
>
> Just switch it back to `nil` and let GnuTLS do the right thing
> according to the priority string for crying out loud. This also has no
> adverse effect.

I don't understand what you're saying here.  We've chosen 256 since
that's the way to say "don't stop any connections on the gnutls level
because of this stuff".  nil currently means 1008 bits, if I read the
docs right.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
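An added illustration of the two layers the thread is arguing about (this is not code from the thread and not Emacs's own nsm.el): `gnutls-min-prime-bits` is the floor GnuTLS itself enforces before a connection is even established, while NSM looks at the negotiated group afterwards and warns separately. The helper below assumes that the plist returned by `gnutls-peer-status` carries the group size under `:diffie-hellman-prime-bits`, takes the NSM warning threshold discussed above (1024 bits) as a parameter, and reads the nil default as 1008 bits the way Lars does in this message; the function name and the sample plists are constructed for the example.

```elisp
;; Added example, not from the thread or from Emacs's nsm.el.
;; Assumes `gnutls-peer-status' reports the DH group size under
;; :diffie-hellman-prime-bits, and that the NSM threshold is 1024 bits.

(defun my/dh-check (status &optional nsm-threshold)
  "Classify the DH prime size in STATUS, a `gnutls-peer-status' plist.
Return a list (GNUTLS-ACCEPTS NSM-WARNS BITS).  GNUTLS-ACCEPTS is non-nil
when BITS is at or above the floor GnuTLS enforces, taken from
`gnutls-min-prime-bits' (nil leaves it to GnuTLS's default, read here as
1008 bits, as in the message above).  NSM-WARNS is non-nil when BITS is
below NSM-THRESHOLD (default 1024), which is the separate check NSM runs
after the handshake has already succeeded."
  (let* ((bits (plist-get status :diffie-hellman-prime-bits))
         (threshold (or nsm-threshold 1024))
         (floor (or gnutls-min-prime-bits 1008)))
    (list (and bits (>= bits floor))
          (and bits (< bits threshold))
          bits)))

;; Constructed peer-status plists, not captured from a real connection.
;; With the floor set to 256 as in the thread, a 512-bit group passes the
;; GnuTLS layer but still trips the NSM check; a 2048-bit group passes both.
(let ((gnutls-min-prime-bits 256))
  (list (my/dh-check '(:diffie-hellman-prime-bits 512))
        (my/dh-check '(:diffie-hellman-prime-bits 2048))))

;; Against a live connection (needs network access; host is a placeholder):
;; (my/dh-check (gnutls-peer-status
;;               (open-network-stream "tls" nil "example.org" 443 :type 'tls)))
```

Evaluating the `let` form shows the point of the disagreement: with a 256-bit floor, the first plist is accepted by GnuTLS yet flagged by NSM, so the two settings are answering different questions, and raising `gnutls-min-prime-bits` would turn the NSM warning into a hard connection failure inside GnuTLS instead.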
