From: Jens Lechtenboerger
Date: Fri, 05 Dec 2014 20:43:09 +0100
Subject: bug#19284: 25.0.50; tls.el uses option --insecure

This is a followup to bug#16978, where I reported multiple MITM
issues.

tls.el calls gnutls-cli with option --insecure.

As Emacs applies TOFU by default via nsm.el (great work, many
thanks!), the above is dangerous.  I continue to use the following:
(setq tls-program '("gnutls-cli --strict-tofu -p %p %h"))

I’m not sure under what conditions tls.el is necessary.  Is it?

Best wishes
Jens

From: Glenn Morris
Date: Tue, 28 Jul 2015 11:43:33 -0400
Subject: control message for bug 19759

block 19759 by 19284

From: Lars Ingebrigtsen
Date: Sat, 26 Dec 2015 22:15:45 +0100
Subject: bug#19284: 25.0.50; tls.el uses option --insecure

Jens Lechtenboerger writes:

> This is a followup to bug#16978, where I reported multiple MITM
> issues.
>
> tls.el calls gnutls-cli with option --insecure.
>
> As Emacs applies TOFU by default via nsm.el (great work, many
> thanks!), the above is dangerous.  I continue to use the following:
> (setq tls-program '("gnutls-cli --strict-tofu -p %p %h"))
>
> I’m not sure under what conditions tls.el is necessary.  Is it?

tls is not used if Emacs is built with GnuTLS (which all significant
distributions are, I think).

As Stefan said in a different report -- perhaps we should just require
Emacs with built-in TLS support if you want to use TLS.  That would
essentially mean that we should just remove tls.el and starttls.el.

Alternatively we could, in Emacs 25.1, just remove the --insecure
settings and let people who try to connect to their IMAP server just
fail somewhat mysteriously (it's very common to have self-signed certs
for IMAP).

--
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

From: Andreas Schwab
Date: Sat, 26 Dec 2015 22:39:52 +0100
Subject: bug#19284: 25.0.50; tls.el uses option --insecure

Lars Ingebrigtsen writes:

> tls is not used if Emacs is built with GnuTLS

This is wrong.  Both tls and starttls are used by mail-source.

Andreas.

--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

From: Lars Ingebrigtsen
Date: Sat, 26 Dec 2015 22:49:16 +0100
Subject: bug#19284: 25.0.50; tls.el uses option --insecure

Andreas Schwab writes:

> This is wrong.  Both tls and starttls are used by mail-source.

Uhm...  I can't find any such usages (after I fixed imap.el to not do
that).  But I may be misreading.

--
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

From: Andreas Schwab
Date: Sun, 27 Dec 2015 10:59:19 +0100
Subject: bug#19284: 25.0.50; tls.el uses option --insecure

Lars Ingebrigtsen writes:

> (after I fixed imap.el to not do that)

Oh, I didn't notice that yet.

Andreas.

--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

From: Ted Zlatanov
Date: Mon, 28 Dec 2015 17:04:21 -0500
Subject: bug#19284: 25.0.50; tls.el uses option --insecure

On Sat, 26 Dec 2015 22:15:45 +0100 Lars Ingebrigtsen wrote:

LI> As Stefan said in a different report -- perhaps we should just require
LI> Emacs with built-in TLS support if you want to use TLS.  That would
LI> essentially mean that we should just remove tls.el and starttls.el.

LI> Alternatively we could, in Emacs 25.1, just remove the --insecure
LI> settings and let people who try to connect to their IMAP server just
LI> fail somewhat mysteriously (it's very common to have self-signed certs
LI> for IMAP).

I am in favor of either option and I think the first is cleaner.

There will be a small but vocal group that wants to use the external
tunnel utility.  I think the benefit to the rest of the users will be
worth it, and that group can have an ELPA package to support them.

Ted

From: Lars Ingebrigtsen
Date: Tue, 29 Dec 2015 14:29:46 +0100
Subject: bug#19284: 25.0.50; tls.el uses option --insecure

Ted Zlatanov writes:

> On Sat, 26 Dec 2015 22:15:45 +0100 Lars Ingebrigtsen wrote:
>
> LI> As Stefan said in a different report -- perhaps we should just require
> LI> Emacs with built-in TLS support if you want to use TLS.  That would
> LI> essentially mean that we should just remove tls.el and starttls.el.
>
> LI> Alternatively we could, in Emacs 25.1, just remove the --insecure
> LI> settings and let people who try to connect to their IMAP server just
> LI> fail somewhat mysteriously (it's very common to have self-signed certs
> LI> for IMAP).
>
> I am in favor of either option and I think the first is cleaner.
>
> There will be a small but vocal group that wants to use the external
> tunnel utility.  I think the benefit to the rest of the users will be
> worth it, and that group can have an ELPA package to support them.

I'd rather do the first, too, but perhaps we should wait a bit.  I'll
just remove the --insecure for now.

--
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

From: Lars Ingebrigtsen
Date: Tue, 29 Dec 2015 14:31:02 +0100
Subject: control message for bug #19284

tags 19284 fixed
close 19284 25.1

From: Ivan Shmakov
Date: Tue, 29 Dec 2015 19:25:48 +0000
Subject: bug#19284: 25.0.50; tls.el uses option --insecure

>>>>> Ted Zlatanov writes:
>>>>> On Sat, 26 Dec 2015 22:15:45 +0100 Lars Ingebrigtsen wrote:

>> As Stefan said in a different report -- perhaps we should just
>> require Emacs with built-in TLS support if you want to use TLS.
>> That would essentially mean that we should just remove tls.el and
>> starttls.el.

>> Alternatively we could, in Emacs 25.1, just remove the --insecure
>> settings

FWIW, I tend to support this option.

>> and let people who try to connect to their IMAP server just fail
>> somewhat mysteriously (it's very common to have self-signed certs
>> for IMAP).

I see little value in self-signed certificates in general,
especially given that there’s for a long-time a community-driven
CA who offer X.509 certificates free of charge.

Sure, for a small group, and assuming typical “desktop” TLS
clients, self-signed certificates can be used to implement a
public key dissemination model akin to that’s typical of SSH.
However, I’ve seen them being used on MXes facing the world
(say, the MX that serves bugs.debian.org), and I fail to see any
point whatsoever in that.

> I am in favor of either option and I think the first is cleaner.

> There will be a small but vocal group that wants to use the external
> tunnel utility.

… Or there will be a group with a small number of its members
being vocal; the difference may be not that easy to tell.

To note is that Gnus’ nnimap method has its own “tunnel utility”
support, which I use to interface the local IMAP server (below),
and which (I suppose) could be used in place of tls.el.

(nnimap-stream shell)
(nnimap-shell-program "MAIL=maildir:\"$HOME\"/Maildir imapd")

That said, the lack of possibility to use something similar for
non-nnimap connections is not something I’d appreciate.

I’ve sure seen external utility support in other software, too.
Check the OpenSSH client’s ProxyCommand option, for instance.

> I think the benefit to the rest of the users will be worth it, and
> that group can have an ELPA package to support them.

As long as the hooks are in place to route the requests via that
package, I have no (strong) objections to the move.

But given that tls.el is about 300 LoC in total, and hardly
incurs a high maintenance cost, I don’t see much value in the
move, either.

--
FSF associate member #7257  http://am-1.org/~ivan/      … 3013 B6A0 230E 334A

From: Ted Zlatanov
Date: Wed, 30 Dec 2015 09:46:42 -0500
Subject: bug#19284: 25.0.50; tls.el uses option --insecure

On Tue, 29 Dec 2015 19:25:48 +0000 Ivan Shmakov wrote:

IS> To note is that Gnus’ nnimap method has its own “tunnel utility”
IS> support, which I use to interface the local IMAP server (below),
IS> and which (I suppose) could be used in place of tls.el.

IS> (nnimap-stream shell)
IS> (nnimap-shell-program "MAIL=maildir:\"$HOME\"/Maildir imapd")

IS> That said, the lack of possibility to use something similar for
IS> non-nnimap connections is not something I’d appreciate.

IS> I’ve sure seen external utility support in other software, too.
IS> Check the OpenSSH client’s ProxyCommand option, for instance.

>> I think the benefit to the rest of the users will be worth it, and
>> that group can have an ELPA package to support them.

IS> As long as the hooks are in place to route the requests via that
IS> package, I have no (strong) objections to the move.

The package itself will install those hooks, I assume.

IS> But given that tls.el is about 300 LoC in total, and hardly
IS> incurs a high maintenance cost, I don’t see much value in the
IS> move, either.
There's a small but consistent amount of time spent checking "are you
using tls.el?" every time we debug a SSL/TLS issue (even if we don't
ask the user explicitly).

There is a user experience difference between relying on external
tools implicitly, which tls.el does, and explicitly, which
ProxyCommand does. Also, tls.el is not granular like ProxyCommand or
the `nnimap-stream' functionality, it applies to all connectivity. I
hope that explains my reasoning better.

Ted

From unknown Tue Jun 24 22:37:48 2025
Subject: bug#19284: 25.0.50; tls.el uses option --insecure
From: Ivan Shmakov
To: 19284@debbugs.gnu.org
Date: Wed, 30 Dec 2015 15:57:37 +0000
Message-ID: <87lh8cvsi6.fsf@violet.siamics.net>
In-Reply-To: <8737uk0zal.fsf@lifelogs.com>

>>>>> "TZ" == Ted Zlatanov writes:
>>>>> On Tue, 29 Dec 2015 19:25:48 +0000 Ivan Shmakov wrote:

[…]

TZ> I think the benefit to the rest of the users will be worth it, and
TZ> that group can have a ELPA package to support them.

IS> As long as the hooks are in place to route the requests via that
IS> package, I have no (strong) objections to the move.

TZ> The package itself will install those hooks, I assume.
My point is that there’re no such hooks currently – the dispatch is
instead hardcoded into network-stream-open-tls:

          (stream
           (funcall (if (gnutls-available-p)
                        'open-gnutls-stream
                      'open-tls-stream)
                    name buffer host service))

For it to still be possible to use functions other than
open-gnutls-stream, and assuming open-tls-stream is removed from the
Emacs proper, this would’ve to be replaced with a (customizable)
variable, like:

          (stream
           (funcall network-stream-open-tls-function
                    name buffer host service))

IS> But given that tls.el is about 300 LoC in total, and hardly incurs
IS> a high maintenance cost, I don’t see much value in the move,
IS> either.

TZ> There's a small but consistent amount of time spent checking "are
TZ> you using tls.el?" every time we debug a SSL/TLS issue (even if we
TZ> don't ask the user explicitly).

TZ> There is a user experience difference between relying on external
TZ> tools implicitly, which tls.el does, and explicitly, which
TZ> ProxyCommand does.

But that’s trivial to solve; say:

(defcustom network-stream-open-tls-function 'open-gnutls-stream
  "The function to use to establish TLS/SSL connections."
  :type '(choice (function-item :tag "Native GnuTLS support"
                                open-gnutls-stream)
                 (function-item :tag "Use gnutls-cli external command"
                                open-tls-stream)))

This way, tls.el would only be used if explicitly configured by the
user.

TZ> Also, tls.el is not granular like ProxyCommand or the
TZ> `nnimap-stream' functionality, it applies to all connectivity.

The user may set network-stream-open-tls-function to an entirely
arbitrary function, which may take the target host and service names
into account. (Although I don’t have any sensible use case for that
at hand.)

TZ> I hope that explains my reasoning better.

It does.
-- 
FSF associate member #7257  http://am-1.org/~ivan/  … 3013 B6A0 230E 334A

From unknown Tue Jun 24 22:37:48 2025
Subject: bug#19284: 25.0.50; tls.el uses option --insecure
From: Ted Zlatanov
To: Ivan Shmakov
Cc: 19284@debbugs.gnu.org
Date: Wed, 30 Dec 2015 11:38:13 -0500
Message-ID: <87lh8bzybu.fsf@lifelogs.com>
In-Reply-To: <87lh8cvsi6.fsf@violet.siamics.net>

On Wed, 30 Dec 2015 15:57:37 +0000 Ivan Shmakov wrote:

>>>>>> "TZ" == Ted Zlatanov writes:
>>>>>> On Tue, 29 Dec 2015 19:25:48 +0000 Ivan Shmakov wrote:

IS> As long as the hooks are in place to route the requests via that
IS> package, I have no (strong) objections to the move.

TZ> The package itself will install those hooks, I assume.

IS> My point is that there’re no such hooks currently

You're right, I meant to say that the hooks will be provided and the
package will add itself to them.

IS> – the dispatch is instead hardcoded into
IS> network-stream-open-tls:

IS>           (stream
IS>            (funcall (if (gnutls-available-p)
IS>                         'open-gnutls-stream
IS>                       'open-tls-stream)
IS>                     name buffer host service))

Yes, this is exactly where the hook or function should go.

TZ> There is a user experience difference between relying on external
TZ> tools implicitly, which tls.el does, and explicitly, which
TZ> ProxyCommand does.

IS> But that’s trivial to solve; say:

IS> (defcustom network-stream-open-tls-function 'open-gnutls-stream
IS>   "The function to use to establish TLS/SSL connections."
IS>   :type '(choice (function-item :tag "Native GnuTLS support"
IS>                                 open-gnutls-stream)
IS>                  (function-item :tag "Use gnutls-cli external command"
IS>                                 open-tls-stream)))

IS> This way, tls.el would only be used if explicitly configured by
IS> the user.

Exactly, brilliant :)

But the user experience goes beyond configuration. External tools are
harder to debug and control, and the *user* ends up with the burden of
maintaining them (which can have security consequences too). I think
if the user *knows* he has chosen a proxy method, he's much more likely
to be aware of the burden he assumes.

It's also worth considering whether the GnuTLS integration itself can
support these use cases.
Maybe `open-gnutls-stream-insecurely' would be a good user-level
function to provide.

TZ> Also, tls.el is not granular like ProxyCommand or the
TZ> `nnimap-stream' functionality, it applies to all connectivity.

IS> The user may set network-stream-open-tls-function to an entirely
IS> arbitrary function, which may take the target host and service
IS> names into account. (Although I don’t have any sensible use
IS> case for that at hand.)

It makes sense in some very specifically constrained corporate
environments. It could be handled by making
`network-stream-open-tls-function' optionally specify the function by
host and port, not just a global choice. Gnus is full of this kind of
defcustom. So that makes it fairly easy to configure, I think.

The logging in the network-stream code will probably have to be
improved as well to support the user experience.

I appreciate your thoughts, Ivan, but also anyone else that wants to
contribute is welcome... I think this is a very good discussion.
Ted

From unknown Tue Jun 24 22:37:48 2025
Subject: bug#19284: 25.0.50; tls.el uses option --insecure
From: Lars Magne Ingebrigtsen
To: Ivan Shmakov
Cc: 19284@debbugs.gnu.org
Date: Wed, 30 Dec 2015 19:22:49 +0100
In-Reply-To: <8737uk0zal.fsf@lifelogs.com>

Ted Zlatanov writes:

> There is a user experience difference between relying on external tools
> implicitly, which tls.el does, and explicitly, which ProxyCommand does.
> Also, tls.el is not granular like ProxyCommand or the `nnimap-stream'
> functionality, it applies to all connectivity. I hope that explains my
> reasoning better.

Yeah. For the version after this, we should dump tls.el (and
starttls.el) completely. If somebody wants a way to do TLS proxying, we
should add that as separate functionality, not something that plops out
as a side-effect of using gnutls-cli.

-- 
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no

From unknown Tue Jun 24 22:37:48 2025
Subject: bug#19284: 25.0.50; tls.el uses option --insecure
From: Ted Zlatanov
To: Lars Magne Ingebrigtsen
Cc: Ivan Shmakov, 19284@debbugs.gnu.org
Date: Thu, 31 Dec 2015 11:00:12 -0500
Message-ID: <87d1tmzjzn.fsf@lifelogs.com>
In-Reply-To: (Lars Magne Ingebrigtsen's message of "Wed, 30 Dec 2015 19:22:49 +0100")

On Wed, 30 Dec 2015 19:22:49 +0100 Lars Magne Ingebrigtsen wrote:

LMI> Ted Zlatanov writes:

>> There is a user experience difference between relying on external tools
>> implicitly, which tls.el does, and explicitly, which ProxyCommand does.
>> Also, tls.el is not granular like ProxyCommand or the `nnimap-stream'
>> functionality, it applies to all connectivity. I hope that explains my
>> reasoning better.

LMI> Yeah. For the version after this, we should dump tls.el (and
LMI> starttls.el) completely. If somebody wants a way to do TLS proxying, we
LMI> should add that as separate functionality, not something that plops out
LMI> as a side-effect of using gnutls-cli.

Ivan, do you want to summarize the three separate proposals to
emacs-devel or should I? I think it's time to move it out of this bug
report since Lars has committed the changes to fix it.

The proposals, I think, were:

1) provide a new function hook point for tls.el to provide
   network-stream functionality, and make that a defcustom that can be
   overridden by host and port

2) move tls.el out of Emacs into the GNU ELPA

3) support TLS proxying in gnutls.el or at the C level, if we can define
   what that actually means

Thanks
Ted

From unknown Tue Jun 24 22:37:48 2025
Subject: bug#19284: 25.0.50; tls.el uses option --insecure
From: Ivan Shmakov
To: 19284@debbugs.gnu.org
Date: Thu, 31 Dec 2015 18:32:35 +0000
Message-ID: <87ege2wjss.fsf@violet.siamics.net>
In-Reply-To: <87d1tmzjzn.fsf@lifelogs.com>

>>>>> Ted Zlatanov writes:

[…]

> Ivan, do you want to summarize the three separate proposals to
> emacs-devel or should I? I think it's time to move it out of this
> bug report since Lars has committed the changes to fix it.

I guess I’m going to be a bit busy over the next couple of days, so
feel free to proceed. TIA.

[…]

-- 
FSF associate member #7257  http://am-1.org/~ivan/  … 3013 B6A0 230E 334A
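The first proposal summarized in the thread (a customizable function for opening TLS connections that can be overridden by host and port, with the choice logged) could be expressed as follows. This is an added example, not code from Emacs or from any participant in the thread: every `example-` name is hypothetical, and only `open-gnutls-stream` and `open-tls-stream` are the existing functions the thread discusses.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added illustration.  All `example-' names are hypothetical.

(require 'cl-lib)

(defgroup example-tls nil
  "Explicit selection of the function that opens TLS connections."
  :group 'communication)

(defcustom example-open-tls-function 'open-gnutls-stream
  "Default function used to open TLS connections.
It is called with NAME, BUFFER, HOST and SERVICE."
  :type '(choice (function-item :tag "Native GnuTLS support"
                                open-gnutls-stream)
                 (function-item :tag "Use gnutls-cli external command"
                                open-tls-stream)
                 (function :tag "Other function"))
  :group 'example-tls)

(defcustom example-open-tls-overrides nil
  "Per-destination overrides; the first matching element wins.
Each element is (HOST-REGEXP SERVICE FUNCTION).  SERVICE is a port
number or service name, or nil to match every service on the host.
Anchor HOST-REGEXP with \\\\=` and \\\\=' so that a longer look-alike
host name does not match a rule written for a shorter one."
  :type '(repeat (list (regexp :tag "Host regexp")
                       (choice (const :tag "Any service" nil)
                               integer string)
                       function))
  :group 'example-tls)

(defun example--service-equal (a b)
  "Return non-nil if services A and B are the same.
The integer 993 and the string \"993\" compare equal."
  (string= (format "%s" a) (format "%s" b)))

(defun example-select-open-tls-function (host service)
  "Return the function configured for HOST and SERVICE."
  (or (cl-loop for (re svc fn) in example-open-tls-overrides
               when (and (let ((case-fold-search t))
                           (string-match-p re host))
                         (or (null svc)
                             (example--service-equal svc service)))
               return fn)
      example-open-tls-function))

(defun example-open-tls-stream (name buffer host service)
  "Open a TLS connection to HOST:SERVICE with the configured function.
Signal an error if that function is not defined rather than falling
back to another one, and log which function handled the connection."
  (let ((fn (example-select-open-tls-function host service)))
    (unless (functionp fn)
      (error "TLS opener %S for %s:%s is not defined" fn host service))
    (message "TLS to %s:%s via %S" host service fn)
    (funcall fn name buffer host service)))

(defun example-self-check ()
  "Run the selector over constructed rules; return t if all cases hold."
  (let ((example-open-tls-function 'open-gnutls-stream)
        (example-open-tls-overrides
         ;; Constructed rule: one legacy host is sent to the external tool.
         '(("\\`legacy\\.corp\\.example\\'" 993 open-tls-stream))))
    (and (eq (example-select-open-tls-function "legacy.corp.example" "993")
             'open-tls-stream)
         ;; Same host, other port: the global default applies.
         (eq (example-select-open-tls-function "legacy.corp.example" 443)
             'open-gnutls-stream)
         ;; The anchored regexp rejects a look-alike host name.
         (eq (example-select-open-tls-function
              "legacy.corp.example.invalid" 993)
             'open-gnutls-stream))))
```

With this shape the external `gnutls-cli` path is reached only through an explicit rule, and the `message` line answers the "are you using tls.el?" question from the log.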