From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: Opportunistic STARTTLS in smtpmail.el Date: Tue, 31 May 2011 14:39:54 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87fwnuacc5.fsf@lifelogs.com> References: <874o5mky4o.fsf@lifelogs.com> <8762ptue8r.fsf@lifelogs.com> <87k4e8ucw3.fsf@lifelogs.com> <87liyofwxp.fsf@lifelogs.com> <874o5cfui5.fsf@lifelogs.com> <87liyndz5l.fsf@lifelogs.com> <87y61nnpoq.fsf@lifelogs.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1306872855 21579 80.91.229.12 (31 May 2011 20:14:15 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 31 May 2011 20:14:15 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue May 31 22:14:11 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from [140.186.70.17] (helo=lists.gnu.org) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1QRVKN-0001vG-8h for ged-emacs-devel@m.gmane.org; Tue, 31 May 2011 22:14:11 +0200 Original-Received: from localhost ([::1]:46528 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QRVK9-000240-J4 for ged-emacs-devel@m.gmane.org; Tue, 31 May 2011 16:13:57 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:39381) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QRUnY-0002ba-4A for emacs-devel@gnu.org; Tue, 31 May 2011 15:40:20 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QRUnT-0005zL-K1 for emacs-devel@gnu.org; Tue, 31 May 2011 15:40:15 -0400 Original-Received: from lo.gmane.org ([80.91.229.12]:52760) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QRUnS-0005yl-TB for emacs-devel@gnu.org; Tue, 31 May 2011 15:40:11 -0400 Original-Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1QRUnR-00021b-0j for emacs-devel@gnu.org; Tue, 31 May 2011 21:40:09 +0200 Original-Received: from 38.98.147.130 ([38.98.147.130]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 31 May 2011 21:40:09 +0200 Original-Received: from tzz by 38.98.147.130 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 31 May 2011 21:40:09 +0200 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 53 Original-X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: 38.98.147.130 X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux) Cancel-Lock: sha1:lU2kaU5FmNDI52XjPnciN9ilmO8= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 80.91.229.12 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:139996 Archived-At: On Tue, 31 May 2011 20:19:54 +0200 Lars Magne Ingebrigtsen wrote: LMI> Ted Zlatanov writes: >> s/auth-info/auth-source/g right? LMI> Yes. :-) >> IOW rather than your "secret" token, let's keep the existing tokens but >> the netrc backend of auth-source will know that when it sees "xyz >> gpg:" it needs to decode that hex data. LMI> I don't know how gpg works here. Does gpg-encrypting the same string LMI> give you identical results, or does gpg auto-salt things? The idea with LMI> putting several tokens into the secret part was to 1) make it more LMI> difficult to brute-force, and 2) make it possible to salt the string, so LMI> that if you have two services with the same user-name/password, the LMI> secret tokens would not be identical. That's all fine, we can still auto-salt and bundle random data in the binary. The gpg: format should be an alist with 'data as the key we want; any other keys can be ignored. But it's important to support it everywhere, not just for passwords. I propose the hex data be the alist printed in the UTF-8 encoding, then converted to the unibyte conversion, encrypted, and hex-encoded. The next non-hex character (usually space or newline) ends the data. If we fail to decode it, we print a warning message. >> We should provide a general mode that can show the file with all the >> gpg: locations replaced, showing the decrypted data with text >> overlays and different colors. The mode could also edit the encrypted >> data inline. This would be very useful for all of Emacs, not just >> auth-source. Sort of a scratch pad with arbitrary encryption intervals. >> With such a mode, a lot less direct auth-source support will be needed >> for these encrypted tokens. The netrc backend would simply use the >> general mode. LMI> Sounds way too complicated, I think. The usage at hand is the netrc LMI> file format, and I don't think it would have much utility beyond that. I disagree about the utility, but... LMI> Besides, adding this to netrc would be really trivial. Making it LMI> general would be difficult. I agree about this. For your purpose, let's get the gpg tokens working. Then we can overengineer the general solution into a minor mode, an EmacsWiki page, and a long discussion about the aesthetics of hex data. What do you need from me to get the above done, if you agree about the implementation? Ted