From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Karl Fogel Newsgroups: gmane.emacs.devel Subject: Re: more on starttls, gnutls-cli and using tls for mail Date: Sun, 14 Aug 2011 12:23:09 -0400 Message-ID: <87bovsj72q.fsf@red-bean.com> References: <20039.8838.116211.694328@gargle.gargle.HOWL> <8762m0n5qi.fsf@red-bean.com> <87ty9kpl2q.fsf@niu.edu> Reply-To: Karl Fogel NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1313339004 14120 80.91.229.12 (14 Aug 2011 16:23:24 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sun, 14 Aug 2011 16:23:24 +0000 (UTC) Cc: emacs-devel@gnu.org To: Roland Winkler Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Aug 14 18:23:20 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1QsdT4-0002JO-FN for ged-emacs-devel@m.gmane.org; Sun, 14 Aug 2011 18:23:18 +0200 Original-Received: from localhost ([::1]:33228 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QsdT3-0004wo-Vz for ged-emacs-devel@m.gmane.org; Sun, 14 Aug 2011 12:23:17 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:45854) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QsdT1-0004wg-0S for emacs-devel@gnu.org; Sun, 14 Aug 2011 12:23:15 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QsdT0-00062C-1D for emacs-devel@gnu.org; Sun, 14 Aug 2011 12:23:14 -0400 Original-Received: from mail-vw0-f41.google.com ([209.85.212.41]:35948) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QsdSz-00061y-U0; Sun, 14 Aug 2011 12:23:13 -0400 Original-Received: by vwm42 with SMTP id 42so4288796vwm.0 for ; Sun, 14 Aug 2011 09:23:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=sender:from:to:cc:subject:references:reply-to:date:in-reply-to :message-id:user-agent:mime-version:content-type; bh=DD6cQLyVQPSCQSAesw4utcgdK8ooPb6KVh29fG/sGD0=; b=nbKLIYPMhErFdk+EKrCT5u6DWaA0ae/ns9Xz0I7c8MWDKqu3el4ChlhYngGUSargC5 qYn4UA44vFWe2SobH5e0Gx5X2mzucdA5Hs+hTy2CcOr2HJkWZee1oeFdsm1dZoF/TYNs orY7a2lcFO24zyzHSwGKrsE3tJaWB0+/EDyrc= Original-Received: by 10.52.69.78 with SMTP id c14mr2786300vdu.353.1313338993108; Sun, 14 Aug 2011 09:23:13 -0700 (PDT) Original-Received: from floss (cpe-66-65-49-129.nyc.res.rr.com [66.65.49.129]) by mx.google.com with ESMTPS id dq1sm2883237vdb.13.2011.08.14.09.23.11 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 14 Aug 2011 09:23:12 -0700 (PDT) In-Reply-To: <87ty9kpl2q.fsf@niu.edu> (Roland Winkler's message of "Sun, 14 Aug 2011 01:24:13 -0500") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 209.85.212.41 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:143211 Archived-At: Roland Winkler writes: >> I've been thinking that lately too. >> >> First, the fact that .authinfo is created world-readable just seems >> like a clear bug. Also easy to fix (sorry, I don't have patch, but >> I could come up with one if we all agree this is a straight bug). > >See bug #9113. So yes, I agree that this is a bug. See also bug >#7487 where some issues related to .authinfo were discussed: Under >certain circumstances Gnus needed to repeatedly decrypt >~/.authinfo.gpg, which requires the gpg passphrase. Yet I do not find it >justified to make an unencrypted ~/.authinfo the default because of such >a nuisance. If at all, I believe it should be the other way round: the >default should be ~/.authinfo.gpg. If someone doesn't like that for >whatever reason, he or she can change that in the init file. Bug #9113 is slightly different from what T.V. and I were saying. #9113 suggests solving the exposure problem through encryption, and then #7487 has a long discussion about what kind of encryption it should be -- public key or symmetric -- how the user interface should work, etc. But I think T.V. and I are just saying: "In the plaintext case, let's at least make the file non-world-readable!" Offering encryption is great, but it's also very complex and error-prone (as the bug reports show). There will always be a plaintext case, since users cannot be required to have GPG-like software installed. In the plaintext case, we could behave better than we do. But it sounds like we probably agree on this too, and I should just make the change :-). Separately, I think it's bad that we removed the Elisp-based API for passing this authn information, since some people (like me) are already using Elisp to fetch the auth creds securely from elsewhere, and having to dynamically construct a ~/.authinfo file as a means of passing that information *to other Elisp* is, shall we say, a really poor API. There's no reason we can't have both `smtpmail-auth-credentials' and ~/.authinfo (or ~/.authinfo.foo), and simply fall try the former when the latter is unavailable. However, that's a larger change, or semi-reversion. I don't know if it would be accepted; I guess it belongs in a distinct thread. -K