|
|
Subscribe / Log in / New account

Re: A couple of questions and concerns about Emacs network security

From:  Jimmy Yuen Ho Wong <wyuenho-AT-gmail.com>
To:  Lars Ingebrigtsen <larsi-AT-gnus.org>, Paul Eggert <eggert-AT-cs.ucla.edu>
Subject:  Re: A couple of questions and concerns about Emacs network security
Date:  Sat, 23 Jun 2018 02:35:07 +0100
Message-ID:  <c2d2b039-e012-f85f-bfbe-62f813bfc886@gmail.com>
Cc:  emacs-devel-AT-gnu.org
Archive-link:  Article


On 23/06/2018 00:33, Lars Ingebrigtsen wrote:
> OK, I've now read the original email message, and there seems to be a
> fundamental misunderstanding.

Ok I see why NSM was written now. It's basically works like browsers
used to work before Snowden. However, while I think the intention was
good, as there are some good checks in there, I think it still falls far
short from ideal.

NSM is heavily dependent on GnuTLS, and it's not particularly good at
presenting NSM good peer status for NSM to do something about it. For
example, leaving all `nsm` and `gnutls` settings at default, this is a
list of URLs where NSM failed to ask me if I wanted to trust the cert.

    (mapcar (lambda (host) (ignore-errors (url-retrieve-synchronously
host)))
         '("https://expired.badssl.com/"
           "https://wrong.host.badssl.com/"
           "https://self-signed.badssl.com/"
           "https://untrusted-root.badssl.com/"
           "https://revoked.badssl.com/"                  ;; fail, very
concerning
           "https://pinning-test.badssl.com/"             ;; fail, very
concerning
           "https://sha1-intermediate.badssl.com/"        ;; fail, very
concerning
           "https://rc4-md5.badssl.com/"
           "https://rc4.badssl.com/"
           "https://3des.badssl.com/"                     ;; fail
           "https://null.badssl.com/"
           "https://mozilla-old.badssl.com/"              ;; fail
           "https://dh480.badssl.com/"                    ;; fail
           "https://dh512.badssl.com/"                    ;; fail
           "https://dh-small-subgroup.badssl.com/"        ;; fail
           "https://dh-composite.badssl.com/"             ;; fail
           "https://invalid-expected-sct.badssl.com/"     ;; fail, a bit
concerning
           "https://subdomain.preloaded-hsts.badssl.com/"
           "https://superfish.badssl.com/"
           "https://edellroot.badssl.com/"
           "https://dsdtestprovider.badssl.com/"
           "https://preact-cli.badssl.com/"
           "https://webpack-dev-server.badssl.com/"
           "https://captive-portal.badssl.com/"
           "https://mitm-software.badssl.com/"
           "https://sha1-2017.badssl.com/"))

If I set `network-security-level` to `'high`, only the dh480 and dh512
tests passed. At the very least, NSM should ask me for the 3 very
concerning certs. Even if I set `gnutls-algorithm-priority` to
`SECURE192:+SECURE128:-VERS-ALL:+VERS-TLS1.2:%PROFILE_MEDIUM`, revoked
and pinning are still failing. I don't see how you are going to get
around that without reinventing CRL and HPKP in ELISP.
> Perhaps the doc strings of gnutls.el should mention that the variables
> is provides are useful only if you don't use `open-network-stream' and
> call the low-level functions directly...
Yes this is a very good idea. I don't think anybody on Reddit
understands how to twiddle Emacs's network security knobs to make it do
what it's supposed to do.

Jimmy

to post comments


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds