emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 08 Jul 2018 20:53:37 +0300

> From: Jimmy Yuen Ho Wong <address@hidden>
> Date: Sun, 8 Jul 2018 17:56:03 +0100
> Cc: Emacs-Devel devel <address@hidden>
> 
> > > That's true, but there's still no reason to default
> > > `gnutls-min-prime-bits` to 256. If that's the default, presumably
> > > checking for DH prime bits > 1024 is a bug as NSM should let 256-bit
> > > DH prime go through.
> >
> > No?  We let gnutls always establish the connection, no matter how sucky,
> > and then we ask the user about it.  That's the whole idea behind the
> > NSM.
> 
> No we don't let GnuTLS always establish the connection. We don't set
> the priority string to the lowest level possible, i.e. "LEGACY". Are
> you suggesting you want to do that?
> The precedent has been set that we don't allow every GnuTLS
> connection to go through, therefore, your ideal with letting NSM
> handle all kinds of network security issues in Emacs is invalid.
> 
> > And setting gnutls-min-prime-bits to 256 has no adverse effects, since
> > (contrary to what you've said several times in this thread), the TLS
> > connection will use as many prime bits that the server offers,
> > apparently.
> >
> 
> The adverse effect is, there is no way to explain this clearly to a
> user WTF is going on without confusing the heck out of people. The
> choice option with a "Default" :tag in the defcustom already says nil
> is the default, just the standard value isn't. This is already a
> contradiction.

But if we set the prime bits to a higher number, isn't it true that a
TLS connection will fail with little or no explanations?  Whereas the
NSM does provide a sensible description of the problem when it asks me
whether to go ahead with the insecure connection, so I could consider
how much I trust the server and/or the connection.

I don't know if I'm talking about the same situation, but I sometimes
get from Firefox a cryptic "secure connection failed" with some error
code mnemonics I don't understand; when that happens, it annoys me
quite a bit, because I have no easy way of figuring out whether the
problem is with the server, with my box, or with some fascist
firewall in the middle.

If this is what will happen when we bump the number of bits (or with
any other security setting), then I'd rather have NSM catch that and
talk to me in a language I can understand better.  At least as an
option, if not by default (and no, that option shouldn't be
gnutls-min-prime-bits, as that's too technical for most users; I'm
thinking about some non-default security level, perhaps).

Does that make sense?

> Just switch it back to `nil` and let GnuTLS do the right thing
> according to the priority string for crying out loud.

If you mean that people should customize the priority string, then I
think this is again too technical and shouldn't be the primary
solution we provide users for controlling their security level.


