From: Juanma Barranquero
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
Date: Sun, 1 May 2011 01:59:25 +0200
References: <835b9d42b15c18e5adf7381138f347061fbc17e8.1298381336.git.mina86@mina86.com> <87fwoz5oz1.fsf@erwin.mina86.com>
In-Reply-To: <87fwoz5oz1.fsf@erwin.mina86.com>
To: Michal Nazarewicz
Cc: Michal Nazarewicz, Stefan Monnier, emacs-devel@gnu.org

2011/5/1 Michal Nazarewicz:

> Depending on how paranoid are we, MD5 could feel too weak though.
> (Also, one could wish for HMAC.)

I am not feeling particularly paranoid just now, seeing as we've been
using a cleartext authentication key for the past few years...

> Actually, server would have to generate the nonce.  Otherwise, the
> authentication scheme would be prone to replay attacks and would really
> defy the purpose of nonce.

OK, I in fact prefer to generate the nonce in elisp.

> That would still break backward compatibility, wouldn't it?  The old
> servers would not accept this command anyway.  Unless server would issue
> it to client just after making connection.  From what I see, the old
> clients would "only" print error message.

Yeah, but a failed -auth closes the connection and deletes the
process, while an unknown command just issues an error message. One
way or another, I don't think we can avoid the error message on the
emacsclient side.

> In the worst case, the client could first try the new authenticating
> scheme and on error reconnect with the old scheme.

Yes, but as the connection is closed, that adds a bit of complexity to
emacsclient that I'd like to avoid if possible.

    Juanma
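Added example, not part of the original message and not code from Emacs's server.el or emacsclient: a Python model of the server-generated-nonce exchange discussed above, showing that a captured response is rejected on a new connection but still passes if the server trusts a nonce chosen by the client. The use of HMAC-SHA256, the `Server` class, the function names and the key are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Server:
    """Hypothetical server that issues one fresh nonce per connection."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = {}  # connection id -> nonce awaiting an answer

    def challenge(self, conn_id: int) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[conn_id] = nonce
        return nonce

    def verify(self, conn_id: int, response: bytes) -> bool:
        # pop() makes each nonce single-use, even on the same connection.
        nonce = self._pending.pop(conn_id, None)
        if nonce is None:
            return False
        return hmac.compare_digest(respond(self._key, nonce), response)


def verify_client_nonce(key: bytes, nonce: bytes, response: bytes) -> bool:
    """Variant the thread rejects: the server trusts a client-supplied nonce."""
    return hmac.compare_digest(respond(key, nonce), response)


def demo():
    key = b"constructed-shared-key"  # constructed sample value
    server = Server(key)
    nonce = server.challenge(1)
    captured = respond(key, nonce)         # what an observer would see
    first = server.verify(1, captured)     # legitimate authentication
    server.challenge(2)                    # new connection, new nonce
    replayed = server.verify(2, captured)  # old response, rejected
    weak = verify_client_nonce(key, nonce, captured)  # same pair, accepted
    return first, replayed, weak


if __name__ == "__main__":
    print(demo())
```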