From: timotheus <timotheus@tstotts.net>
To: emacs-devel@gnu.org
Cc: mh-e-devel@lists.sourceforge.net, ding@gnus.org
Subject: Re: smime.el: security concerns?
Date: Fri, 13 Jul 2007 13:09:54 -0400 [thread overview]
Message-ID: <m2tzs8b57h.fsf@tstotts.net> (raw)
In-Reply-To: v9wsx4xowf.fsf_-_@marauder.physik.uni-ulm.de
[-- Attachment #1.1: Type: text/plain, Size: 877 bytes --]
Reiner Steib <reinersteib+gmane@imap.cc> writes:
> On Fri, Jul 13 2007, timotheus wrote:
>
>> ... `smime.el' has some security, feature, and
>> ease-of-use concerns too.
>
> If there are any security concerns wrt `smime.el', please report them.
>
> Bye, Reiner.
> --
It is more a matter of opinion, but I once noticed the following with
`smime.el'.
- `call-process' / `call-process-region' (temporary files in /tmp/?)
- environment variable(s) for password passing
- documentation encourages use of un-passworded .pem
- password caching via elisp instead of external agent
- personally avoid, even for tramp + SSH
- the very manual .pem key/crt setup was tricky
Some of them you mention in the comments. EasyPG mentions some of them
in its comments/docs wrt other Emacs cryptography libraries. Not a big
deal, perhaps.
-timotheus
[-- Attachment #1.2: Type: application/pgp-signature, Size: 188 bytes --]
[-- Attachment #2: Type: text/plain, Size: 142 bytes --]
_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel
next prev parent reply other threads:[~2007-07-13 17:09 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-12 3:58 proposed patch to enable MH-E usage of GNU + EPG timotheus
2007-07-12 21:23 ` Richard Stallman
2007-07-13 5:31 ` Bill Wohler
2007-07-13 15:14 ` timotheus
2007-07-13 16:13 ` smime.el: security concerns? (was: proposed patch to enable MH-E usage of GNU + EPG) Reiner Steib
2007-07-13 17:09 ` timotheus [this message]
2007-07-13 23:08 ` smime.el: security concerns? Richard Stallman
2007-07-13 23:09 ` proposed patch to enable MH-E usage of GNU + EPG Richard Stallman
2007-07-14 0:30 ` timotheus
2007-07-13 23:10 ` Richard Stallman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2tzs8b57h.fsf@tstotts.net \
--to=timotheus@tstotts.net \
--cc=ding@gnus.org \
--cc=emacs-devel@gnu.org \
--cc=mh-e-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).