emacs-devel

Re: A couple of questions and concerns about Emacs network security


From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sun, 08 Jul 2018 21:53:22 +0300

> From: Lars Ingebrigtsen <address@hidden>
> Cc: Jimmy Yuen Ho Wong <address@hidden>,  address@hidden
> Date: Sun, 08 Jul 2018 20:39:30 +0200
> 
> Eli Zaretskii <address@hidden> writes:
> 
> > Thanks.  According to that, it's 1008 since GnuTLS 3.3.0.  Perhaps we
> > should tell that in the doc string of gnutls-min-prime-bits, or at
> > least in a comment there.
> 
> Yeah, but since it varies from GnuTLS release to release, we'd have to
> keep updating it.

Yes, that's unfortunate.  But if the value doesn't change too
frequently (as it seems, since 3.3.0 was what? 4 years ago?), maybe it
isn't a catastrophe.

> so I think it's better just to not say anything.  Or just "what nil
> means depends on the GnuTLS version".

Problem is, I cannot find this number in the GnuTLS documentation,
either.  Maybe I'm blind; but if not, it means our users have no
reasonable way of knowing how many bits they are using, and that is
not good, IMO.

> Users aren't supposed to care about that variable, anyway, since the NSM
> warns about less than 1024 bits...

Yes, but what if GnuTLS bumps the default to more than that?  And even
if not, I think I might like to know how far below 1024 I'm going to
be if I allow the connection.


