Re: A couple of questions and concerns about Emacs network security
From: "Perry E. Metzger" <perry-AT-piermont.com>
To: Lars Ingebrigtsen <larsi-AT-gnus.org>
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Thu, 5 Jul 2018 09:33:46 -0400
Message-ID: <20180705093346.071e6970@jabberwock.cb.piermont.com>
Cc: Paul Eggert <eggert-AT-cs.ucla.edu>, Jimmy Yuen Ho Wong <wyuenho-AT-gmail.com>, emacs-devel-AT-gnu.org
Archive-link: Article
Old thread, but I thought I'd reply on it.

On Sat, 23 Jun 2018 12:23:31 +0200 Lars Ingebrigtsen <larsi@gnus.org> wrote:

> For those who don't know what this is: Some browsers now ship with
> built-in lists of certificate hashes, so if you're visiting that
> site and presented with a different than expected certificate,
> you'll know that somebody else has issued a certificate for the
> site, and somebody has hijacked the connection.
>
> Or, perhaps, that they just lost the private key and had to
> generate a new certificate and now, oops, everybody that uses the
> browsers with the built-in list will be unable to visit the site.

What you depict there never happens. People don't lose keys in such circumstances.

Pinning is what is done by sites like gmail to prevent third world dictatorships from using stolen certificate credentials to spy on their citizens. People who have been victims of this have had their email read, been arrested by state security forces for dissent, and have been tortured to death for lack of certificate pinning working in their browsers. This is a matter of life and death for many people.

> do this via ELPA, I think. Whether it's worth doing is another
> issue; I think the jury is still out on that one...

Do you think it's worth keeping people from quite literally being tortured to death?

For most of the secure HTTP stuff we've been discussing, I would far rather be inconvenienced here and there than know my slight extra convenience was being paid for in human blood.

Perry

-- 
Perry E. Metzger		perry@piermont.com
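The check the quoted paragraph describes, as an added illustration that is not part of this thread and not Emacs code: a client keeps a list of certificate digests for a site and accepts a connection only when the presented certificate matches one of them. The pin set below carries the live certificate plus a backup, which is how deployments normally cover the key-loss case Lars mentions (rotate to the already-pinned backup instead of locking clients out). The certificate byte strings are constructed stand-ins for DER-encoded certificates; `pin_of_peer` uses the real `ssl.SSLSocket.getpeercert(binary_form=True)` API to obtain the DER bytes from a live connection but is not exercised offline.

```python
# Added example: minimal certificate pinning check (not from the thread).
# A pin is base64(SHA-256(DER certificate)). In practice the digest is often
# taken over the SubjectPublicKeyInfo instead, so a re-issued certificate for
# the same key still matches; the comparison logic is identical.
import base64
import hashlib
import ssl


def pin_of(der_bytes: bytes) -> str:
    """Return the pin string for a DER-encoded certificate: base64(SHA-256)."""
    return base64.b64encode(hashlib.sha256(der_bytes).digest()).decode("ascii")


def pin_of_peer(sock: ssl.SSLSocket) -> str:
    """Pin of the certificate a connected TLS peer actually presented."""
    der = sock.getpeercert(binary_form=True)  # real ssl API; not run offline here
    if der is None:
        raise ValueError("peer presented no certificate")
    return pin_of(der)


def check_pin(presented_der: bytes, pinned: set[str]) -> bool:
    """True if the presented certificate matches one of the pinned digests."""
    return pin_of(presented_der) in pinned


# Constructed sample data standing in for DER certificates (not real certs).
CURRENT_CERT = b"constructed-der-cert-for-example.invalid-key-A"
BACKUP_CERT = b"constructed-der-cert-for-example.invalid-key-B"
ROGUE_CERT = b"constructed-der-cert-issued-by-someone-else"

# Live pin plus one backup pin: a site that loses key A can switch to the
# already-pinned key B without clients refusing the connection.
PINS = {pin_of(CURRENT_CERT), pin_of(BACKUP_CERT)}


def connection_allowed(presented_der: bytes) -> bool:
    """Decision a pinning client makes for one presented certificate."""
    return check_pin(presented_der, PINS)


if __name__ == "__main__":
    for name, cert in (("current", CURRENT_CERT),
                       ("backup", BACKUP_CERT),
                       ("rogue", ROGUE_CERT)):
        verdict = "accept" if connection_allowed(cert) else "REJECT"
        print(f"{name:8s} {pin_of(cert)}  -> {verdict}")
```

A mismatch here means a certificate the client was never told about is being presented for the site; whether that is a hijacked connection or an unannounced re-issue, the safe client behaviour is to refuse and report it rather than proceed.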