From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.devel
Subject: Re: security of the emacs package system, elpa, melpa and marmalade
Date: Mon, 30 Sep 2013 09:25:39 -0400
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <87zjquxwz0.fsf@flea.lifelogs.com>
References: <523FEE1B.9020408@binary-island.eu>
	<jwvy56n7hsj.fsf-monnier+emacs@gnu.org>
	<87y56gymvz.fsf@flea.lifelogs.com> <m37gdzv7pr.fsf-ueno@gnu.org>
	<874n93ze2r.fsf@flea.lifelogs.com>
Reply-To: emacs-devel@gnu.org
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1380547557 26235 80.91.229.3 (30 Sep 2013 13:25:57 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 30 Sep 2013 13:25:57 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Sep 30 15:26:02 2013
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1VQdU9-0007zB-ST
	for ged-emacs-devel@m.gmane.org; Mon, 30 Sep 2013 15:26:01 +0200
Original-Received: from localhost ([::1]:48855 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1VQdU9-0005xx-Ea
	for ged-emacs-devel@m.gmane.org; Mon, 30 Sep 2013 09:26:01 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51353)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1VQdU2-0005wZ-3g
	for emacs-devel@gnu.org; Mon, 30 Sep 2013 09:25:58 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1VQdTw-0005lC-S6
	for emacs-devel@gnu.org; Mon, 30 Sep 2013 09:25:54 -0400
Original-Received: from plane.gmane.org ([80.91.229.3]:47273)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1VQdTw-0005jb-FV
	for emacs-devel@gnu.org; Mon, 30 Sep 2013 09:25:48 -0400
Original-Received: from list by plane.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1VQdTu-0007lD-Iu
	for emacs-devel@gnu.org; Mon, 30 Sep 2013 15:25:46 +0200
Original-Received: from c-98-229-61-72.hsd1.ma.comcast.net ([98.229.61.72])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Mon, 30 Sep 2013 15:25:46 +0200
Original-Received: from tzz by c-98-229-61-72.hsd1.ma.comcast.net with local (Gmexim
	0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Mon, 30 Sep 2013 15:25:46 +0200
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: emacs-devel@gnu.org
Original-Lines: 17
Original-X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: c-98-229-61-72.hsd1.ma.comcast.net
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)
Cancel-Lock: sha1:IRKxGxZEHrSlhsblbb4YuUxICcY=
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.229.3
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:163727
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/163727>

On Sun, 29 Sep 2013 14:18:36 -0400 Ted Zlatanov <tzz@lifelogs.com> wrote: 

TZ> Let's just say I'll implement the OpenPGP protocol emulation as in
TZ> http://tools.ietf.org/html/rfc4880 when I get to it, and anyone else
TZ> that thinks it's worthwhile can work with me or do it themselves.

Hmm, looks like libnettle (brought in with GnuTLS) already provides most
of the infrastructure needed.  The question for me is, should I bother
with a full OpenPGP signature emulation, or is it sufficient to
implement RSA/DSA/EC-based signatures for Emacs internal use only?  The
latter is going to be much less work; it's basically exposing the
functions in http://www.lysator.liu.se/~nisse/nettle/nettle.html#RSA
http://www.lysator.liu.se/~nisse/nettle/nettle.html#DSA
http://www.lysator.liu.se/~nisse/nettle/nettle.html#Elliptic-curves to
Emacs.

Ted