From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.devel Subject: Re: Emacs RPC security Date: Mon, 02 May 2011 16:48:17 -0300 Message-ID: References: <87d3kal0za.fsf@lifelogs.com> <874o5mky4o.fsf@lifelogs.com> <871v0hudzo.fsf@lifelogs.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1304365710 4188 80.91.229.12 (2 May 2011 19:48:30 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Mon, 2 May 2011 19:48:30 +0000 (UTC) Cc: emacs-devel@gnu.org To: Ted Zlatanov Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon May 02 21:48:26 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1QGz6W-0001UN-7f for ged-emacs-devel@m.gmane.org; Mon, 02 May 2011 21:48:24 +0200 Original-Received: from localhost ([::1]:53317 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QGz6V-0002PY-Nj for ged-emacs-devel@m.gmane.org; Mon, 02 May 2011 15:48:23 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:60200) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QGz6T-0002PH-Ll for emacs-devel@gnu.org; Mon, 02 May 2011 15:48:22 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QGz6S-0000Ry-QE for emacs-devel@gnu.org; Mon, 02 May 2011 15:48:21 -0400 Original-Received: from fencepost.gnu.org ([140.186.70.10]:36150) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QGz6S-0000Ru-Ne for emacs-devel@gnu.org; Mon, 02 May 2011 15:48:20 -0400 Original-Received: from 121-249-126-200.fibertel.com.ar ([200.126.249.121]:57203 helo=ceviche.home) by fencepost.gnu.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1QGz6S-0004BA-1Y; Mon, 02 May 2011 15:48:20 -0400 Original-Received: by ceviche.home (Postfix, from userid 20848) id 627AD66119; Mon, 2 May 2011 16:48:17 -0300 (ART) In-Reply-To: <871v0hudzo.fsf@lifelogs.com> (Ted Zlatanov's message of "Mon, 02 May 2011 13:57:47 -0500") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 140.186.70.10 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:138993 Archived-At: > I already mentioned that given GnuTLS, we can associate client-side SSL > certificates with particular functions, so we authenticate on the > certificates and authorize based on the (certificate, function) > combination. This seems to me much better, even if "orthogonal," than > the current "come visit my server and run anything you like" approach. I think this is pushing server.el where it shouldn't go. It's not meant as "Emacs as a server for whichever network service you can think of", but just "use your own Emacs from other processes". If you want your Emacs to offer services to various users (rather than just to yourself), then you'll want to implement your own (probably based on GNUtls). Stefan