From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Daiki Ueno Newsgroups: gmane.emacs.devel Subject: Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5 Date: Wed, 05 Feb 2014 14:11:59 +0900 Message-ID: References: <87ha8f3jt1.fsf@building.gnus.org> <87wqhbdnwc.fsf@lifelogs.com> <52F114E7.9000805@cs.ucla.edu> <87iosuenjq.fsf@lifelogs.com> <52F139D3.3030401@cs.ucla.edu> <87a9e6eiyu.fsf@lifelogs.com> <87txceqzdj.fsf@building.gnus.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1391577132 29983 80.91.229.3 (5 Feb 2014 05:12:12 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 5 Feb 2014 05:12:12 +0000 (UTC) Cc: emacs-devel@gnu.org To: Lars Ingebrigtsen Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Feb 05 06:12:20 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1WAumY-0002l2-Pk for ged-emacs-devel@m.gmane.org; Wed, 05 Feb 2014 06:12:18 +0100 Original-Received: from localhost ([::1]:57395 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WAumX-0005h1-Vd for ged-emacs-devel@m.gmane.org; Wed, 05 Feb 2014 00:12:17 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:39313) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WAumP-0005g4-VL for emacs-devel@gnu.org; Wed, 05 Feb 2014 00:12:14 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WAumK-00012h-Ei for emacs-devel@gnu.org; Wed, 05 Feb 2014 00:12:09 -0500 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:51345) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WAumK-00012d-CB for emacs-devel@gnu.org; Wed, 05 Feb 2014 00:12:04 -0500 Original-Received: from du-a.org ([2001:e41:db5e:fb14::1]:42843 helo=localhost.localdomain) by fencepost.gnu.org with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1WAumJ-0003OV-Gs; Wed, 05 Feb 2014 00:12:03 -0500 In-Reply-To: <87txceqzdj.fsf@building.gnus.org> (Lars Ingebrigtsen's message of "Tue, 04 Feb 2014 14:36:24 -0800") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:169405 Archived-At: Lars Ingebrigtsen writes: > Encryption is, I think, especially fiddly to get right. That is, > there are plenty of projects that have gotten it wrong over the years. > Using the C interfaces in the intended way would help a bit. I don't know what exactly you mean with "encryption", but real world use-cases of encryption are not that simple. Even for symmetric encryption, you will probably need to consider secret key derivation, padding, etc. Using the C interfaces for them in the intended way would be fiddly to get right. GPG implements a good set of those already, in an interoperable way. On the other hand, who will trust such encrypting code written by a guy with no crypto/security background? > That is, there are plenty of projects that have gotten it wrong over > the years. As far as I know, only projects that have gotten problems with EPG were written by the same author who never try to understand the concepts of EPG/GPG and repeatedly pushes his own fancy crypto ideas with hypothetical use-cases. -- Daiki Ueno