From: "Stephen J. Turnbull" <stephen@xemacs.org>
To: emacs-devel@gnu.org
Subject: Re: POP3 password in plaintext?
Date: Fri, 03 Oct 2014 19:54:35 +0900 [thread overview]
Message-ID: <87sij5tod0.fsf@uwakimon.sk.tsukuba.ac.jp> (raw)
In-Reply-To: <m2mw9ecsj4.fsf@lifelogs.com>
Ted Zlatanov writes:
> SJT> No, I really do mean "password-read". Mostly because not all
> SJT> protocols demand authentication immediately on opening a stream. Eg,
> SJT> many sites can be accessed with HTTP, will switch to HTTPS without
> SJT> authentication of the client, then present an HTML document for
> SJT> login.
>
> Clearly that's not possible, because the read password can be used at
> any point by the Lisp code; it's just data from that point on.
Sure, but most of the sites I access work that way. The TLS
connection is basically anonymous, and authentication is done over
that connection. If the site presents a certificate, then you can be
pretty sure it's the right site to give your credentials to, and the
site is happy because it doesn't give you anything but a login screen
until you do give it your credentials, at which point you know the
site and the site knows you and you can do your business together.
> Do you mean we should be able to send a password directly to a
> network or process stream at the C level? That makes a lot of sense
> to me and connects to the idea of "secret" data in the Emacs core.
No, I don't mean anything like that. That may be the right idea, but
I haven't thought carefully about it. I'm just telling you that we
can't depend on sites demanding authentication during the connection
process.
next prev parent reply other threads:[~2014-10-03 10:54 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-29 20:49 POP3 password in plaintext? Richard Stallman
2014-09-30 1:46 ` Stephen J. Turnbull
2014-09-30 13:31 ` Ted Zlatanov
2014-09-30 19:23 ` Richard Stallman
2014-10-01 4:00 ` Stephen J. Turnbull
2014-10-01 5:33 ` David Kastrup
2014-10-01 12:54 ` Richard Stallman
2014-10-01 13:15 ` David Kastrup
2014-10-01 17:56 ` David Caldwell
2014-10-01 5:42 ` David Caldwell
2014-10-01 13:22 ` Ted Zlatanov
2014-10-02 1:58 ` Stephen J. Turnbull
2014-10-02 17:04 ` Ted Zlatanov
2014-10-03 10:54 ` Stephen J. Turnbull [this message]
2014-10-01 13:48 ` Stefan Monnier
2014-10-01 14:02 ` Lars Magne Ingebrigtsen
2014-10-01 14:37 ` Stefan Monnier
2014-10-01 23:29 ` Ted Zlatanov
2014-09-30 14:17 ` Lars Magne Ingebrigtsen
2014-09-30 19:25 ` Richard Stallman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sij5tod0.fsf@uwakimon.sk.tsukuba.ac.jp \
--to=stephen@xemacs.org \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).