From: "Michal Nazarewicz"
To: "Stefan Monnier"
Cc: emacs-devel@gnu.org
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
Date: Fri, 29 Apr 2011 18:35:23 +0200
References: <835b9d42b15c18e5adf7381138f347061fbc17e8.1298381336.git.mina86@mina86.com>

On Fri, 29 Apr 2011 18:22:27 +0200, Stefan Monnier wrote:
>> +In some situations however, it can be difficult to share randomly
>> +generated password with remote hosts (eg. no shared directory),
>
> ssh/scp work fine for me.

Yes, but you'd have to send the key every time you connect to the remote
host and every time you restart emacs. I thought about something like
that but decided that it'd be easier to just use a single shared key.

>> +so you can set the key with this variable and then copy server
>> +file to remote host (with possible changes to IP address and/or
>> +port if that applies).
>
> IIUC this only makes sense if you want to use a shared key that you keep
> for a "long" time (since the intention is to reduce the frequency of
> key-distribution).

Yep, that's my use-case.

> Now the server keys are sent in the clear over the network, so the
> security we provide is rather minimal.

In my case it's not actually an issue since I use OpenVPN to connect to
my remote host, not to say that in general this may decrease security
for some users should they choose to use it.

> OT1H that means your patch should be OK since we don't really have
> security anyway. OTOH it means that it makes the security threat
> more serious.

-- 
Best regards,                                         _     _
.o. | Liege of Serenely Enlightened Majesty of      o' \,=./ `o
..o | Computer Science,  Michal "mina86" Nazarewicz    (o o)
ooo +----------ooO--(_)--Ooo--
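
Review bot: the quoted docstring lines (from "In some situations however" through "port if that applies)") recommend setting a fixed key and copying the server file to remote hosts, but say nothing about the exposure the thread itself identifies: the key is sent in the clear over the network, and a key kept for a long time stays useful to anyone who captures it once. Suggest adding a sentence to the docstring stating that the key is transmitted unencrypted and that a fixed key is only appropriate when the connection runs over a trusted or encrypted link such as the VPN mentioned in the reply. As a style point in the same lines, "share randomly generated password" is missing an article and "eg." should be "e.g.".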