From: "Stephen J. Turnbull"
Newsgroups: gmane.emacs.devel
Subject: Re: secret strings
Date: Sat, 02 Apr 2011 01:14:16 +0900
Message-ID: <87oc4qlzjb.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <4D926EA9.5080509@gmail.com> <4D92AD2B.40502@gmail.com> <87lizwd9lt.fsf_-_@lifelogs.com> <87ei5n8ffi.fsf@lifelogs.com> <87hbaivju2.fsf@uwakimon.sk.tsukuba.ac.jp> <87ei5moa61.fsf_-_@lifelogs.com> <87hbaia58a.fsf@uwakimon.sk.tsukuba.ac.jp> <87aagansj0.fsf@lifelogs.com> <87r59mm3z7.fsf@uwakimon.sk.tsukuba.ac.jp> <87pqp657le.fsf@lifelogs.com>
To: Ted Zlatanov
Cc: emacs-devel@gnu.org
In-Reply-To: <87pqp657le.fsf@lifelogs.com>
X-Mailer: VM 8.1.93a under 21.5 (beta29) "garbanzo" eac2e6bd5b2c+ XEmacs Lucid (x86_64-unknown-linux)
Xref: news.gmane.org gmane.emacs.devel:138009

Ted Zlatanov writes:

 > OK.  I'll buy that.  So how, then, does the producer, the
 > auth-source API, encourage consumers to wipe their secrets?

That depends on the security model, it seems to me.  For some
purposes, ROT13, with no secret at all, is sufficient "security".  In
other cases, the user is given a secret to be used once (e.g., a
temporary password).  In other cases, the user may never see the
secret at all (public key methods).

The problem, as I see it, is that the auth-source doesn't know what
the consumer is going to do with it, or how long the secret will
remain valid.  I don't really see how this is the auth-source's
business.  The `with-secret-strings' macro I suggested is the only
fairly generic kind of thing I can think of, but it's not really very
general.
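As an added illustration following the message above (this is not the macro Stephen posted, whose definition does not appear in this message, and it is not auth-source code), here is one shape a `with-secret-strings' macro could take in Emacs Lisp, together with a small demonstration of why wiping the bound string is "not really very general". The names `with-secret-strings', `secret-wiped-p', `demo-secret-handling', `my-leaked-copy' and the placeholder password are assumptions of this example; the wipe relies on `clear-string' (falling back to `fillarray') and on `unwind-protect' running its cleanup forms on every exit path.

```elisp
;; Added illustration for the thread above; not the macro Stephen
;; posted (its text is not on this page) and not part of auth-source.
;; Assumes Emacs Lisp with `unwind-protect' and `clear-string'
;; (falls back to `fillarray' where `clear-string' is absent).

(defmacro with-secret-strings (bindings &rest body)
  "Bind BINDINGS as `let' does, evaluate BODY, then wipe each string.
Each binding is (VAR FORM).  FORM must produce a fresh, mutable
string; never pass a string literal, since literals are shared
constants.  The wipe runs on every exit path of BODY, including
errors and `throw', but only on the object VAR holds at that point."
  (declare (indent 1))
  `(let ,bindings
     (unwind-protect
         (progn ,@body)
       ,@(mapcar (lambda (b)
                   (let ((v (if (consp b) (car b) b)))
                     `(when (stringp ,v)
                        (if (fboundp 'clear-string)
                            (clear-string ,v)   ; zero-fill in place
                          (fillarray ,v 0)))))
                 bindings))))

(defun secret-wiped-p (s)
  "Return non-nil if string S contains only NUL characters."
  (and (stringp s)
       (let ((i 0) (n (length s)))
         (while (and (< i n) (zerop (aref s i)))
           (setq i (1+ i)))
         (= i n))))

(defvar my-leaked-copy nil
  "Holds a copy made inside the body; the macro cannot reach it.")

(defun demo-secret-handling ()
  "Use a constructed placeholder secret under `with-secret-strings'
and report which strings were actually wiped afterwards."
  (let ((secret (copy-sequence "hunter2")))   ; a copy, never a literal
    (with-secret-strings ((pw secret))
      ;; Any derived string is a new object the macro never sees.
      (setq my-leaked-copy (concat "Basic " pw))
      (length pw))
    ;; SECRET was zeroed on exit; MY-LEAKED-COPY still holds the text.
    (list (secret-wiped-p secret)
          (secret-wiped-p my-leaked-copy))))
```

The demonstration shows the limit that the macro cannot fix: it zeroes the one string object it was handed, but every `concat', `substring', `format', `base64-encode-string' or `encode-coding-string' the consumer performs creates a fresh copy that survives, as does anything inserted into a buffer (and from there the undo list, `*Messages*' or the kill ring). Emacs's garbage collector frees unreachable string data without scrubbing it, so the original contents also remain in process memory until overwritten. Which of these a consumer will do is exactly what auth-source cannot know, which is why a generic wrapper like this can only be a convention, not an enforcement mechanism.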