From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs core TLS support
Date: Thu, 14 Jan 2010 08:09:46 -0600
Message-ID: <871vhsvkut.fsf@lifelogs.com>
References: <878wc1vfh3.fsf@lifelogs.com> <87r5ptpnz2.fsf@stupidchicken.com>
To: emacs-devel@gnu.org
Cc: Simon Josefsson

On Wed, 13 Jan 2010 18:46:41 -0500 Chong Yidong wrote:

CY> Ted Zlatanov writes:
>> Is there any chance Emacs can offer core support for TLS-encrypted
>> network connections? I have no idea what's involved, I'm just checking
>> on the possibility.

CY> What's the advantage of offering core support over using gnutls-cli
CY> (like starttls.el does)?

On Wed, 13 Jan 2010 20:37:42 -0500 MON KEY wrote:

MK> It is far more apt to work "out of the box" on w32...

Portability is one consideration. The parts of Gnus that touch W32
through starttls.el have been a sore point in terms of support, both
offered (too little) and requested (too much). I don't have a list of
issues on hand but at least 5 have come up in the last year IIRC.

gnutls-cli and the alternative starttls binary are external binaries.
For encryption protocols like TLS it's both inefficient and insecure to
use external binaries to implement them.

In addition to portability, efficiency, and security, core support would
also be easier to configure if it requires no external binaries
installed. New users would surely benefit from this.

Simon Josefsson already put a patch together at
http://josefsson.org/securemacs but it will probably need to be revised
a bit, the last change was in 2002. It offers gnutls.el as an
alternative to starttls.el, with a similar API. As long as this is
optional and autodetected through configure, I don't see a downside. It
may need to be folded into starttls.el but that's not a big deal. I'm
cc-ing Simon in case he has any comments.

Ted