From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Stephen J. Turnbull" Newsgroups: gmane.emacs.devel Subject: Re: Should Emacs provide a uuid function? Date: Sun, 01 May 2011 03:39:36 +0900 Message-ID: <87aaf78txz.fsf@uwakimon.sk.tsukuba.ac.jp> References: <87ipu3v0ru.fsf@stupidchicken.com> <871v0raqub.fsf@uwakimon.sk.tsukuba.ac.jp> <42A7030B-DE0C-4CCA-A768-B82BE70C42F9@raeburn.org> <87y62yafdn.fsf@uwakimon.sk.tsukuba.ac.jp> <2E30D21A-83C0-477A-AB08-2E933A16AC2D@raeburn.org> <8762pxafce.fsf@uwakimon.sk.tsukuba.ac.jp> <09410824-6882-4736-9DB4-7D0A4837A73D@raeburn.org> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: dough.gmane.org 1304188449 5608 80.91.229.12 (30 Apr 2011 18:34:09 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sat, 30 Apr 2011 18:34:09 +0000 (UTC) Cc: Emacs Dev To: Ken Raeburn Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Apr 30 20:34:05 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1QGEzU-0001LF-CQ for ged-emacs-devel@m.gmane.org; Sat, 30 Apr 2011 20:34:04 +0200 Original-Received: from localhost ([::1]:56060 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QGEzT-0003qD-Rz for ged-emacs-devel@m.gmane.org; Sat, 30 Apr 2011 14:34:03 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:55815) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QGEzQ-0003q7-Li for emacs-devel@gnu.org; Sat, 30 Apr 2011 14:34:01 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QGEzP-0008T6-RV for emacs-devel@gnu.org; Sat, 30 Apr 2011 14:34:00 -0400 Original-Received: from mgmt1.sk.tsukuba.ac.jp ([130.158.97.223]:56559) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QGEzP-0008S6-AN for emacs-devel@gnu.org; Sat, 30 Apr 2011 14:33:59 -0400 Original-Received: from uwakimon.sk.tsukuba.ac.jp (uwakimon.sk.tsukuba.ac.jp [130.158.99.156]) by mgmt1.sk.tsukuba.ac.jp (Postfix) with ESMTP id 89C183FA023A; Sun, 1 May 2011 03:33:33 +0900 (JST) Original-Received: by uwakimon.sk.tsukuba.ac.jp (Postfix, from userid 1000) id 00C481A389A; Sun, 1 May 2011 03:39:36 +0900 (JST) In-Reply-To: <09410824-6882-4736-9DB4-7D0A4837A73D@raeburn.org> X-Mailer: VM 8.1.93a under 21.5 (beta30) "garlic" f2881cb841b4+ XEmacs Lucid (x86_64-unknown-linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 130.158.97.223 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:138928 Archived-At: Ken Raeburn writes: > (Why, yes, I *have* spent a lot of years thinking about some > aspects of computer and network security.) Sure, I have too. Enough so that I have one computer that doesn't have a network connection at all. (Not coincidentally, it's the only Windows-based computer I use regularly.) On the other hand, correlating my location with Suzy's is a waste of the hacker's time, because it's easy enough to figure out where I am several days a month from the online university course catalog and from webserver logs (IP addresses for the rather balkanized campus network often allows determining probable -- assuming no deliberate obfuscation -- location within 50m). > Different sorts of exposures lead to different kinds of > opportunities for attacks. Just because one hasn't been closed off > doesn't mean it's not worth looking at others. Certainly. I don't think this one justifies an addition to core because (1) the attacks it *might* foreclose for *some* people with insecure versions of uuidgen are minor, even compared to the minor costs of writing, documenting, and maintaining an internal uuidgen; (2) at least some of the use cases proposed so far would likely not want to use uuidgen-style identifiers, and IMO it is rather likely that adding an internal uuidgen to core is unlikely to much reduce the number of different implementations, most of which will be more or less insecure; and (3) I think the whole idea is currently only half baked, especially with respect to UUID formats, and it would not hurt to have one or more implementations in ELPA, which would allow experience to determine best practice before putting in core.