Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
From: Jens Lechtenboerger
To: bug-gnu-emacs@gnu.org
Date: Mon, 10 Mar 2014 07:52:43 +0100
Message-ID: <86siqqv938.fsf@informationelle-selbstbestimmung-im-internet.de>
User-Agent: Gnus/5.130009 (Ma Gnus v0.9) Emacs/24.3 (gnu/linux)

I'm using GNU Emacs 24.3.1. This affects Gnus v5.13 as well as Ma Gnus v0.9.
I'm using Emacs to send e-mail via smtpmail.el with smtpmail-stream-type set to starttls, read e-mail via imap with :port 993 and :stream ssl, and send/read news via port 563 with nntp-open-tls-stream for nntp-open-connection-function. In all these cases, SSL/TLS "secured" connections are used that accept any certificate without checking the CA. Thus, man-in-the-middle (MITM) attacks will be successful and will go unnoticed.

I don't find that acceptable. I vote to ship Emacs with certificate checking by default. That way, we would be protected from Mallory with self-signed, forged keys. I even vote for certificate pinning by default, which can protect us from Mallory with "trusted" keys (Mallory who pays, bribes, tricks, compels, forces, or operates an official CA).

This can be accomplished via gnutls-cli with trust-on-first-use: gnutls-cli --tofu opens a TLS connection and asks whether the certificate can be trusted. If so, it is added to ~/.gnutls/known_hosts. On subsequent connections, the presented certificate is compared against the stored one; in case of mismatches, the user is asked whether to trust the new one. To prevent the process from hanging while waiting for the user's reply, option --strict-tofu (introduced in GnuTLS 3.2.12) can be used.

I'm describing my view on certificate pinning in general and some details on TOFU with GnuTLS in more detail in my blog:
https://blogs.fsfe.org/jens.lechtenboerger/?p=208

For Emacs, here is my personal workaround (a real fix would probably require a unified, secure-by-default treatment of TLS throughout all libraries):

Smtpmail uses network-stream-open-starttls, which calls gnutls-negotiate (from gnutls.el) later on. The function gnutls-negotiate has parameters VERIFY-HOSTNAME-ERROR and VERIFY-ERROR, which might be useful to detect MITM attacks, yet they are not used. Also nntp-open-connection calls gnutls-negotiate without checking certificates.
Thus, I disable gnutls.el entirely:

  (if (fboundp 'gnutls-available-p)
      (fmakunbound 'gnutls-available-p))

However, the problem is not restricted to gnutls.el. Once I disable that library, different fallbacks are used in different libraries.

Smtpmail falls back to starttls-open-stream from starttls.el. In my case, that library uses gnutls-cli, and --strict-tofu can be added to starttls-extra-arguments:

  (setq starttls-extra-arguments '("--strict-tofu"))

NNTP does not fall back to starttls.el but to open-tls-stream from tls.el. That library makes use of tls-program, which defaults to gnutls-cli with the switch --insecure. That switch is called "insecure" for a good reason and should be removed, IMO. Better yet, enable certificate pinning:

  (setq tls-program '("gnutls-cli --strict-tofu -p %p %h"))

The library imap.el makes use of openssl's s_client via imap-ssl-program. While s_client is great to debug SSL/TLS connections, it is useless for everyday encryption as it prints an error message if certificates cannot be verified, but it opens the connection anyway. And, those errors are not shown in Emacs. So, switch to gnutls-cli with certificate pinning:

  (setq imap-ssl-program '("gnutls-cli --strict-tofu -p %p %s"))

(Note that tls-program expects %h where imap-ssl-program uses %s.)
Best wishes
Jens

From: Glenn Morris
To: Jens Lechtenboerger
Cc: 16978@debbugs.gnu.org
Resent-Date: Mon, 10 Mar 2014 07:05:02 +0000

Please see http://debbugs.gnu.org/13374

From: Jens Lechtenboerger
To: Glenn Morris
Cc: 16978@debbugs.gnu.org
Date: Tue, 11 Mar 2014 18:04:25 +0100
Message-ID: <86mwgwu0o6.fsf@informationelle-selbstbestimmung-im-internet.de>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)

On Mo, Mar 10 2014, Glenn Morris wrote:

> Please see http://debbugs.gnu.org/13374

I wasn't aware of that, sorry.

I'm now on GNU Emacs 24.3.50.1. I can't get gnutls-verify-error to work. So far I only tried that with NNTPS, not SMTP. If I set gnutls-verify-error to t, the TCP connection to port 563 is closed immediately (on the wire I see FIN/ACK immediately after the three-way handshake; no TLS related data at all). Afterwards, the server is shown as offline in the server buffer. gnus-server-open-server fails as long as gnutls-verify-error is t.

imap.el is still using openssl's s_client.

tls.el is still using the switch --insecure for gnutls-cli.
Best wishes
Jens

From: Glenn Morris
To: control@debbugs.gnu.org
Date: Tue, 11 Mar 2014 13:11:24 -0400
Subject: control message for bug 16978

severity 16978 important
tag 16978 security

From: Ted Zlatanov
To: bug-gnu-emacs@gnu.org
Date: Mon, 17 Mar 2014 17:06:08 -0400
Message-ID: <878us88ri7.fsf@lifelogs.com>
User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Mon, 10 Mar 2014 07:52:43 +0100 Jens Lechtenboerger wrote:

JL> I don't find that acceptable. I vote to ship Emacs with certificate
JL> checking by default.

Hi Jens, that's how it's planned, but please realize we have to be careful with the large population of Emacs users that would be surprised by sudden failures. So 24.4 is the first version where we'll start doing this.

JL> gnutls-cli --tofu opens a TLS connection and asks whether the
JL> certificate can be trusted. If so, it is added to
JL> ~/.gnutls/known_hosts. On subsequent connections, the presented
JL> certificate is compared against the stored one; in case of
JL> mismatches, the user is asked whether to trust the new one. To
JL> prevent the process from hanging while waiting for the user's reply,
JL> option --strict-tofu (introduced in GnuTLS 3.2.12) can be used.

JL> I'm describing my view on certificate pinning in general and some
JL> details on TOFU with GnuTLS in more detail in my blog:
JL> https://blogs.fsfe.org/jens.lechtenboerger/?p=208

That's wonderful, but please realize this doesn't work for Emacs because often, interactive prompting would not be available. The consensus so far has been to abort the connection and tell the user how to allow a host specifically. Can you suggest a cleaner way, perhaps using TOFU with some C automation? (`gnutls-cli' should not be assumed to be available)

JL> For Emacs, here is my personal workaround (a real fix would
JL> probably require a unified, secure-by-default treatment of TLS
JL> throughout all libraries):

I appreciate all your review. It's too late to make these changes for 24.4, but I think if you can review the state of things in 24.4, maybe we could discuss an expedited 24.5 release with security fixes (that would be up to the Emacs maintainers, of course).
Thanks
Ted

From: Ted Zlatanov
To: Jens Lechtenboerger
Cc: 16978@debbugs.gnu.org, Glenn Morris
Date: Mon, 17 Mar 2014 17:33:56 -0400
Message-ID: <87siqg7bnf.fsf@lifelogs.com>

On Tue, 11 Mar 2014 18:04:25 +0100 Jens Lechtenboerger wrote:

JL> I'm now on GNU Emacs 24.3.50.1. I can't get gnutls-verify-error to
JL> work. So far I only tried that with NNTPS, not SMTP. If I set
JL> gnutls-verify-error to t, the TCP connection to port 563 is closed
JL> immediately (on the wire I see FIN/ACK immediately after the
JL> three-way handshake; no TLS related data at all).

JL> Afterwards, the server is shown as offline in the server buffer.
JL> gnus-server-open-server fails as long as gnutls-verify-error is t.

Hi Jens, I've tested this:

  (require 'gnutls)
  (setq gnutls-verify-error t)
  (open-gnutls-stream "tls" "tls-buffer" "imap.gmail.com" "imaps")
  (open-gnutls-stream "tls" "tls-buffer" "localhost" "imaps")

I just made a small change to allow the t in the above, so please update to the latest.

Can you please run `gnutls-serv' with the right options and hit it directly, and see if that replicates the issue?

Thanks
Ted
From: Jens Lechtenboerger
To: bug-gnu-emacs@gnu.org
Date: Tue, 18 Mar 2014 22:04:08 +0100
Message-ID: <86y5078bhz.fsf@informationelle-selbstbestimmung-im-internet.de>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)

On 2014-03-17, Ted Zlatanov wrote:

> On Mon, 10 Mar 2014 07:52:43 +0100 Jens Lechtenboerger wrote:
>
> JL> gnutls-cli --tofu opens a TLS connection and asks whether the
> JL> certificate can be trusted.
> JL> [...]
> JL> to prevent the process from hanging while waiting for the
> JL> user's reply, option --strict-tofu (introduced in GnuTLS
> JL> 3.2.12) can be used.
>
> That's wonderful, but please realize this doesn't work for Emacs because
> often, interactive prompting would not be available. The consensus so
> far has been to abort the connection and tell the user how to allow a
> host specifically.

Hi Ted,

are you outlining plans for the future? According to what I observed so far, I’m either vulnerable to MITM attacks or I cannot use servers with self-signed certificates.

I see three partially contradictory requirements here:

1. No interactive prompting.
2. Allow self-signed certificates.
3. Protect against MITM attacks (at least those involving self-signed forged certs; better yet, also with “trusted” forged certs).

Among those three, at most two can be guaranteed simultaneously.

From http://debbugs.gnu.org/13374 I got the impression that (2) is a must. (I rely on self-signed certs as well.) In addition, in my view (3) is a must. Others may disagree and choose the convenience of (1) over the security of (3). If Emacs defaults to (1) over (3) based on a deliberate decision, that decision needs to be documented prominently.

Coming back to your comment, I believe that --strict-tofu satisfies precisely what you describe: It aborts the connection, and you can add the new certificate with --tofu.

> Can you suggest a cleaner way, perhaps using TOFU
> with some C automation?

I’m not really sure what you are looking for.

> (`gnutls-cli' should not be assumed to be available)

Sadly, that’s true. But it could (a) be recommended and (b) be used if it is available (and (c) be used in a safer way).

> I appreciate all your review. It's too late to make these changes for
> 24.4, but I think if you can review the state of things in 24.4, maybe
> we could discuss an expedited 24.5 release with security fixes (that
> would be up to the Emacs maintainers, of course).

I’ll certainly work with 24.4. Just let me know what kind of input you need then.
Best wishes
Jens

From: Jens Lechtenboerger
To: 16978@debbugs.gnu.org
Cc: Glenn Morris
Date: Tue, 18 Mar 2014 22:25:42 +0100
Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
In-Reply-To: <87siqg7bnf.fsf@lifelogs.com> (Ted Zlatanov's message of "Mon, 17 Mar 2014 17:33:56 -0400")
Message-ID: <86siqf8ai1.fsf@informationelle-selbstbestimmung-im-internet.de>

On 2014-03-17, Ted Zlatanov wrote:

> (require 'gnutls)
> (setq gnutls-verify-error t)
> (open-gnutls-stream "tls" "tls-buffer" "imap.gmail.com" "imaps")
> (open-gnutls-stream "tls" "tls-buffer" "localhost" "imaps")
>
> I just made a small change to allow the t in the above, so please
> update to the latest.
>
> Can you please run `gnutls-serv' with the right options and hit it
> directly, and see if that replicates the issue?

Hi Ted,

I don’t see `gnutls-serv'. The following works for me:

(open-gnutls-stream "tls" "tls-buffer" "imap.gmail.com" "imaps")

It also catches MITM attacks with self-signed certs:

(error "Certificate validation failed imap.gmail.com, verification code 66")

That’s good.

Thanks
Jens

P.S. Self-signed certs are unusable now, e.g., this fails:

(open-gnutls-stream "tls" "tls-buffer" "news.gmane.org" "nntps")

Of course, this is to be expected, but Gnus aborts the connection
without any user-visible clue, and the server is reported to be
offline.

P.P.S. I’m using imap.el, which knows of various ways to establish
SSL/TLS connections, but gnutls.el is not among them.
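The workflow the two messages above turn on (gnutls-cli's --strict-tofu aborting on an unknown or changed certificate, --tofu pinning it on first use, and a self-signed certificate failing outright once gnutls-verify-error is t), modelled as a small known_hosts-style pin store. This is an added illustration, not code from Emacs, Gnus or GnuTLS; the store format, the function names and the certificate byte strings are constructed assumptions.

```python
"""TOFU certificate pinning modelled on gnutls-cli's --tofu/--strict-tofu and its known_hosts store.
Added example, not Emacs, Gnus or GnuTLS code; names, store format and certificate bytes are assumptions."""
import hashlib
import hmac
import json
import ssl
from enum import Enum
from pathlib import Path


class Verdict(Enum):
    MATCH = "match"        # pinned fingerprint equals the presented one
    NEW = "new"            # host:port never seen before
    MISMATCH = "mismatch"  # a pin exists but differs: key rotation or a MITM


def fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 over the DER encoding of the leaf certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der_cert(host: str, port: int) -> bytes:
    """Fetch the server's leaf certificate without CA validation (needs network).
    Deliberate: with pinning the store decides what is acceptable, which is
    what makes a self-signed certificate usable at all."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class PinStore:
    """Maps "host:port" -> fingerprint, persisted as JSON when a path is given
    (the role ~/.gnutls/known_hosts plays for gnutls-cli)."""

    def __init__(self, path: "Path | None" = None):
        self.path = path
        self.pins = {}
        if path is not None and path.exists():
            self.pins = json.loads(path.read_text())

    def _save(self) -> None:
        if self.path is not None:
            self.path.parent.mkdir(parents=True, exist_ok=True)
            self.path.write_text(json.dumps(self.pins, indent=2, sort_keys=True))

    def lookup(self, host: str, port: int, der_cert: bytes) -> Verdict:
        """Compare the presented certificate with the stored pin; no side effects."""
        pinned = self.pins.get(f"{host}:{port}")
        if pinned is None:
            return Verdict.NEW
        if hmac.compare_digest(pinned, fingerprint(der_cert)):
            return Verdict.MATCH
        return Verdict.MISMATCH

    def trust(self, host: str, port: int, der_cert: bytes) -> None:
        """Explicitly (re)pin a certificate: the user's deliberate accept step."""
        self.pins[f"{host}:{port}"] = fingerprint(der_cert)
        self._save()

    def verify(self, host: str, port: int, der_cert: bytes, strict: bool = True) -> bool:
        """Decide whether the connection may proceed.
        strict=True  (--strict-tofu): only a known, matching pin passes; an unknown
                     host is rejected too, so nothing gets pinned without trust().
                     This is the mode that works non-interactively.
        strict=False (--tofu): an unknown host is pinned on first contact; a
                     changed certificate is still rejected."""
        verdict = self.lookup(host, port, der_cert)
        if verdict is Verdict.MATCH:
            return True
        if verdict is Verdict.NEW and not strict:
            self.trust(host, port, der_cert)
            return True
        return False


# Constructed stand-ins for two DER-encoded certificates of one server (before
# and after a key change); real DER bytes would be fingerprinted the same way.
CERT_V1 = b"constructed-der-bytes:news.example.org:key-1"
CERT_V2 = b"constructed-der-bytes:news.example.org:key-2"


def demo() -> list:
    """First contact, a match, a changed certificate, then an explicit re-trust;
    returns the accept/reject decisions in that order."""
    store = PinStore()                     # in-memory only for the demo
    host, port = "news.example.org", 563   # constructed NNTPS endpoint
    decisions = [
        store.verify(host, port, CERT_V1, strict=True),   # False: unknown host, strict
        store.verify(host, port, CERT_V1, strict=False),  # True: pinned on first use
        store.verify(host, port, CERT_V1, strict=True),   # True: matches the pin
        store.verify(host, port, CERT_V2, strict=False),  # False: changed cert, rejected
    ]
    store.trust(host, port, CERT_V2)       # the user explicitly accepts the new cert
    decisions.append(store.verify(host, port, CERT_V2, strict=True))  # True
    return decisions
```

Pointing fetch_der_cert() at a real server and feeding its bytes to verify() gives the same decisions against a persisted store; the rejected cases are exactly the ones the thread wants surfaced to the user instead of silently reported as "server offline".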
From: Ted Zlatanov
To: 16978@debbugs.gnu.org, jens.lechtenboerger@fsfe.org
Date: Thu, 20 Mar 2014 09:43:50 -0400
Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
In-Reply-To: <86y5078bhz.fsf@informationelle-selbstbestimmung-im-internet.de> (Jens Lechtenboerger's message of "Tue, 18 Mar 2014 22:04:08 +0100, Tue, 18 Mar 2014 22:25:42 +0100")
Message-ID: <87ior93rzd.fsf_-_@lifelogs.com>

On Tue, 18 Mar 2014 22:04:08 +0100 Jens Lechtenboerger wrote:

JL> I see three partially contradictory requirements here:
JL> 1. No interactive prompting.
JL> 2. Allow self-signed certificates.
JL> 3. Protect against MITM attacks (at least those involving
JL> self-signed forged certs; better yet, also with “trusted” forged
JL> certs).
JL> Among those three, at most two can be guaranteed simultaneously.

Right, of course. That's the challenge. Oh, and it must work for
everyone out of the box without ever checking release notes and the
manual :)

I think the self-signed certificates are the one we can omit, it's a
fairly rare use case. We can provide a *simple* certificate manager UI
to list, display, and add/modify/remove certificates to make it easy,
but otherwise we can reject these with a suitable message "this
certificate can't be verified; to accept it run COMMANDHERE SITEHERE".
The certificate manager UI could do the TOFU interaction.

Once we have that we can reject unverified certificates, after 24.4 is
out. Until then it has to be nil by default IMO.

JL> From http://debbugs.gnu.org/13374 I got the impression that (2) is a
JL> must. (I rely on self-signed certs as well.) In addition, in my
JL> view (3) is a must. Others may disagree and choose the convenience of
JL> (1) over the security of (3). If Emacs defaults to (1) over (3)
JL> based on a deliberate decision, that decision needs to be documented
JL> prominently.

JL> Coming back to your comment, I believe that --strict-tofu satisfies
JL> precisely what you describe: It aborts the connection, and you can
JL> add the new certificate with --tofu.

>> Can you suggest a cleaner way, perhaps using TOFU
>> with some C automation?

JL> I’m not really sure what you are looking for.

You provided the workflow above. Now the question is, how can Emacs
implement it in a way that works interactively and non-interactively?

For storage of the certificates, I think
~/.emacs.d/certs/hostname.somextension is the right place. I asked this
on gnutls-devel a while ago so we can revisit the discussion when we
have the UI worked out.

For the UI I suggested a certificate manager mode. Maybe that's
overkill, I don't know.

>> I appreciate all your review. It's too late to make these changes for
>> 24.4, but I think if you can review the state of things in 24.4, maybe
>> we could discuss an expedited 24.5 release with security fixes (that
>> would be up to the Emacs maintainers, of course).

JL> I’ll certainly work with 24.4. Just let me know what kind of input
JL> you need then.

How to automate the TOFU, so far.

JL> I don’t see `gnutls-serv'. The following works for me:
JL> (open-gnutls-stream "tls" "tls-buffer" "imap.gmail.com" "imaps")
JL> It also catches MITM attacks with self-signed certs:
JL> (error "Certificate validation failed imap.gmail.com, verification
JL> code 66")
JL> That’s good.

Wonderful!

JL> P.S. Self-signed certs are unusable now, e.g., this fails:
JL> (open-gnutls-stream "tls" "tls-buffer" "news.gmane.org" "nntps")
JL> Of course, this is to be expected, but Gnus aborts the connection
JL> without any user-visible clue, and the server is reported to be
JL> offline.

Hmm. That seems a Gnus bug :) Can you submit it separately, to keep
the books clean, after testing with the latest Gnus?

JL> P.P.S. I’m using imap.el, which knows of various ways to establish
JL> SSL/TLS connections, but gnutls.el is not among them.

I think you're on an old Gnus then, which is strange considering
you're testing with a recent Emacs. What's `M-x gnus-version'?
Ted

From: Lars Magne Ingebrigtsen
To: 16978@debbugs.gnu.org
Date: Thu, 20 Mar 2014 15:39:28 +0100
Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
In-Reply-To: <87ior93rzd.fsf_-_@lifelogs.com> (Ted Zlatanov's message of "Thu, 20 Mar 2014 09:43:50 -0400")

Ted Zlatanov writes:

> I think the self-signed certificates are the one we can omit, it's a
> fairly rare use case.

No, it's quite common for mail servers and the like.
-- 
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no

From: Ted Zlatanov
To: Lars Magne Ingebrigtsen
Cc: 16978@debbugs.gnu.org
Date: Fri, 21 Mar 2014 06:24:44 -0400
Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
In-Reply-To: (Lars Magne Ingebrigtsen's message of "Thu, 20 Mar 2014 15:39:28 +0100")
Message-ID: <87k3bn3l3n.fsf@lifelogs.com>

On Thu, 20 Mar 2014 15:39:28 +0100 Lars Magne Ingebrigtsen wrote:

LMI> Ted Zlatanov writes:
>> I think the self-signed certificates are the one we can omit, it's a
>> fairly rare use case.

LMI> No, it's quite common for mail servers and the like.

OK. With a certificate manager UI, do you think this use case is
handled as I proposed, or do we need a more thorough solution here?

Ted
From: Jens Lechtenboerger
To: 16978@debbugs.gnu.org
Date: Fri, 21 Mar 2014 21:49:03 +0100
Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
In-Reply-To: <87ior93rzd.fsf_-_@lifelogs.com> (Ted Zlatanov's message of "Thu, 20 Mar 2014 09:43:50 -0400")
Message-ID: <861txvjn0g.fsf@informationelle-selbstbestimmung-im-internet.de>

On Thu, 20 Mar 2014 09:43:50 -0400, Ted Zlatanov said:

TZ> For storage of the certificates, I think
TZ> ~/.emacs.d/certs/hostname.somextension is the right place. I
TZ> asked this on gnutls-devel a while ago so we can revisit the
TZ> discussion when we have the UI worked out.

Hi Ted,

GnuTLS uses the file ~/.gnutls/known_hosts. I did not look into
this, but why do you want to duplicate that functionality in Emacs?

JL> P.S. Self-signed certs are unusable now [...]

TZ> Hmm. That seems a Gnus bug :) Can you submit it separately, to
TZ> keep the books clean, after testing with the latest Gnus?

Done: http://debbugs.gnu.org/17061

JL> P.P.S. I’m using imap.el, which knows of various ways to
JL> establish SSL/TLS connections, but gnutls.el is not among them.

TZ> I think you're on an old Gnus then, which is strange considering
TZ> you're testing with a recent Emacs. What's `M-x gnus-version'?

v5.13 and Ma Gnus v0.10. I’m using imap among `mail-sources' via
imap.el, not nnimap. (The latter is on my todo list.)
Best wishes
Jens

From: Lars Magne Ingebrigtsen
To: 16978@debbugs.gnu.org
Date: Mon, 24 Mar 2014 13:14:49 +0100
Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
In-Reply-To: <87k3bn3l3n.fsf@lifelogs.com> (Ted Zlatanov's message of "Fri, 21 Mar 2014 06:24:44 -0400")

Ted Zlatanov writes:

> On Thu, 20 Mar 2014 15:39:28 +0100 Lars Magne Ingebrigtsen
> wrote:
>
> LMI> Ted Zlatanov writes:
>>> I think the self-signed certificates are the one we can omit, it's a
>>> fairly rare use case.
>
> LMI> No, it's quite common for mail servers and the like.
>
> OK. With a certificate manager UI, do you think this use case is
> handled as I proposed, or do we need a more thorough solution here?

No, a certificate manager UI is just what we need.

-- 
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no

From: Glenn Morris
To: control@debbugs.gnu.org
Date: Fri, 03 Oct 2014 19:46:10 -0400
Subject: control message for bug 16193

merge 16978 16193

From: Lars Magne Ingebrigtsen
To: control@debbugs.gnu.org
Date: Sun, 23 Nov 2014 18:10:42 +0100
Subject: control message for bug #18600

tags 18600 fixed
close 18600 25.1