Re: Additional network security

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Additional network security

From:	Lars Magne Ingebrigtsen
Subject:	Re: Additional network security
Date:	Sun, 07 Dec 2014 18:45:25 +0100
User-agent:	Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

Ted Zlatanov <address@hidden> writes:

> How about extending the GnuTLS priority string to also specify the NSM
> level, DH bits, etc? So the user would say "NORMAL:NSM(medium,dh=1024)"
> and we'd cut out all the NSM bits before passing it on to GnuTLS. If
> there's nothing in the priority string, we'd look at
> `network-security-level', that would be the out-of-the-box use case.

I'm not sure we need to allow this to be customised at this fine-grained
level.  Does Firefox allow that, for instance?

> RC4 should be disallowed on medium IMO. I *think* it already is
> disallowed in the default GnuTLS priority string.

There are prominent web sites that only offer RC4, most famously the
video streams from Youtube.  (Because Google.)  

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

[Prev in Thread]

Current Thread

[Next in Thread]

Additional network security, Lars Magne Ingebrigtsen, 2014/12/05
- Re: Additional network security, Stefan Monnier, 2014/12/05
  - Re: Additional network security, Lars Magne Ingebrigtsen, 2014/12/06
    - Re: Additional network security, Stefan Monnier, 2014/12/06
    - Re: Additional network security, Stephen J. Turnbull, 2014/12/07
    - Re: Additional network security, Ted Zlatanov, 2014/12/07
    - Re: Additional network security, Lars Magne Ingebrigtsen, 2014/12/07
    - Re: Additional network security, Ted Zlatanov, 2014/12/07
    - Re: Additional network security, Lars Magne Ingebrigtsen <=
    - Re: Additional network security, Ted Zlatanov, 2014/12/07
    - Re: Additional network security, chad, 2014/12/07
    - Re: Additional network security, Reiner Steib, 2014/12/18
    - Re: Additional network security, Ted Zlatanov, 2014/12/20
    - Re: Additional network security, Stephen J. Turnbull, 2014/12/07
    - Re: Additional network security, Richard Stallman, 2014/12/07
    - Re: Additional network security, Ted Zlatanov, 2014/12/08
    - Re: Additional network security, Lars Magne Ingebrigtsen, 2014/12/08
    - Re: Additional network security, Lars Magne Ingebrigtsen, 2014/12/08
    - Re: Additional network security, Lars Magne Ingebrigtsen, 2014/12/08

Prev by Date: Re: [Emacs-diffs] package-archive-priorities ab9a878: Package archives now have priorities.
Next by Date: Re: [Emacs-diffs] package-archive-priorities ab9a878: Package archives now have priorities.
Previous by thread: Re: Additional network security
Next by thread: Re: Additional network security
Index(es):
- Date
- Thread