On 4/25/11 11:02 AM, Ted Zlatanov wrote: > On Mon, 25 Apr 2011 14:35:49 -0300 Stefan Monnier wrote: > SM> Ted wrote: >>> 1) authentication: the server should be able to verify the client's >>> identity and the client should be able to verify the server's identity. >>> This can be accomplished with SSL certificates and GnuTLS or by signing >>> each message. > > SM> Using GnuTLS for the TCP connections could be a good idea as well: > SM> patches welcome. > > I will put server GnuTLS support in Emacs on my TODO list, but it will > take a while. I hope you consider it important. > >>> 2) authorization: the server should be able to associate each client >>> identity with only certain functions it can invoke directly. > > SM> When such a need will arise, we will think about it. In all the cases > SM> I've seen until now, the Emacs server is only used by the same user as > SM> the client, so there's not much point making the security structure > SM> so complicated, right now. > > Of course, since the security is so weak right now, no one is using it > outside a limited one-user so you haven't seen any unusual cases. I > would use it personally as a remote password server so all my > auth-source data doesn't live on all the machines I use. I would also > use it to implement a remote synchronization facility for Gnus and BBDB. That's a fine goal, but you don't need to implement the requisite security in Emacs proper. stunnel will give you a secure channel and, with client certificates, can authenticate both parties. I'd prefer not to have a GnuTLS server in Emacs right now.