[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#13374: 24.?; open-gnutls-stream insecurity
|
From: |
Ted Zlatanov |
|
Subject: |
bug#13374: 24.?; open-gnutls-stream insecurity |
|
Date: |
Tue, 08 Jan 2013 09:43:22 -0500 |
|
User-agent: |
Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux) |
On Tue, 08 Jan 2013 05:42:52 +0100 Lars Magne Ingebrigtsen <larsi@gnus.org>
wrote:
LMI> Glenn Morris <rgm@gnu.org> writes:
>> Ah well, ok, thanks for the explanation. It sounds then like it's
>> probably better to leave this for trunk rather than try and force it
>> into 24.3 at this relatively late stage.
LMI> Definitely.
LMI> Deciding on policies for handling opportunistic STARTTLS upgrades
LMI> combined with certificate failures has to be decided on, too.
LMI> That is, even if the user hasn't requested a TLS connection, Emacs will
LMI> auto-negotiate a STARTTLS connection now for virtually all protocol
LMI> types now. If that "fails" because the certificate is self-signed or
LMI> expired, do we then want to bother the user by prompting for an action?
LMI> The user hasn't requested encryption and validation, but then this
LMI> question comes out of the blue?
LMI> So, er, someone (ahem) has to go through all the permutations of
LMI> connection types and failure modes, and write up some stuff. We should
LMI> also have certificate management code in there somewhere so that the
LMI> user may be alerted if a privately signed certificate changes,
LMI> perhaps...
I propose to set up a verification list with the following format:
#+begin_src lisp
((".*\\.gmail.com" . (:verify-hostname-error t :verify-error t))
(".*\\.yahoo.com" . t) ; everything
(".*" . nil)) ; nothing
#+end_src
It should default to nil (in other words, we'll ship 24.3 with the same
insecure behavior it has right now). But we can recommend to the users
to turn it on, and see how well it works in practice, and write the
necessary prompts and customization logic that Lars outlined.
I think that's OK for 24.3 since it's a completely unobtrusive change
that opens the road for improvements.
The main reason I didn't turn cert and hostname verification on sooner
is that I wasn't certain that our knowledge of platform CA store
filenames and general logic were good enough. But it was always the
long-term plan, and I'm glad Oleksii brought it up.
Thanks
Ted
- bug#13374: 24.?; open-gnutls-stream insecurity, Oleksii Shevchuk, 2013/01/07
- bug#13374: 24.?; open-gnutls-stream insecurity, Glenn Morris, 2013/01/07
- bug#13374: 24.?; open-gnutls-stream insecurity, Lars Magne Ingebrigtsen, 2013/01/07
- bug#13374: 24.?; open-gnutls-stream insecurity, Glenn Morris, 2013/01/07
- bug#13374: 24.?; open-gnutls-stream insecurity, Lars Magne Ingebrigtsen, 2013/01/07
- bug#13374: 24.?; open-gnutls-stream insecurity,
Ted Zlatanov <=
- bug#13374: 24.?; open-gnutls-stream insecurity, Lars Magne Ingebrigtsen, 2013/01/08
- bug#13374: 24.?; open-gnutls-stream insecurity, Ted Zlatanov, 2013/01/08
- bug#13374: 24.?; open-gnutls-stream insecurity, Stefan Monnier, 2013/01/08