Re: A couple of questions and concerns about Emacs network security

From: Eli Zaretskii
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Mon, 25 Jun 2018 20:06:52 +0300

> From: Lars Ingebrigtsen <address@hidden>
> Cc: address@hidden, address@hidden, address@hidden, address@hidden
> Date: Mon, 25 Jun 2018 18:55:22 +0200
>
> > . Do I understand correctly that most of the changes, including those
> > in gnutls.c, are so that intermediary certificates could be
> > verified? If so, would it make sense to omit that for emacs-26,
> > and only beef up the medium level of security in NSM with the rest
> > of the checks?
>
> Yes, that is definitely a possibility. The nsm.el changes should be
> safe to backport (after they've been in master for a couple of weeks so
> that people can test them), while the gnutls.c change might be more
> dangerous.
>
> However, the thing that's protecting against (a SHA1 intermediate
> certificate (oops, I see I've called it "intermediary" in the code and
> doc; I'll fix that now)) is, I seem to remember, now being considered a
> realistic attack (i.e., you can generate valid-looking fake certificates
> based on one).

If this is deemed a very serious vulnerability (I'm not an expert on
these matters), then I guess we will have to wait longer before we
backport the changes to emacs-26.

Thanks.