From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Stephen J. Turnbull" Newsgroups: gmane.emacs.devel Subject: Re: POP3 password in plaintext? Date: Fri, 03 Oct 2014 19:54:35 +0900 Message-ID: <87sij5tod0.fsf@uwakimon.sk.tsukuba.ac.jp> References: <878ul1x4kw.fsf@uwakimon.sk.tsukuba.ac.jp> <87ppecv3pj.fsf@uwakimon.sk.tsukuba.ac.jp> <87bnpvutal.fsf@uwakimon.sk.tsukuba.ac.jp> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 X-Trace: ger.gmane.org 1412333712 22082 80.91.229.3 (3 Oct 2014 10:55:12 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 3 Oct 2014 10:55:12 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Oct 03 12:55:06 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xa0Vs-0001t5-Mr for ged-emacs-devel@m.gmane.org; Fri, 03 Oct 2014 12:55:04 +0200 Original-Received: from localhost ([::1]:38830 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xa0Vs-0001O2-6Q for ged-emacs-devel@m.gmane.org; Fri, 03 Oct 2014 06:55:04 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:60330) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xa0Vh-0001Nf-Im for emacs-devel@gnu.org; Fri, 03 Oct 2014 06:55:01 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xa0VY-0006dF-JM for emacs-devel@gnu.org; Fri, 03 Oct 2014 06:54:53 -0400 Original-Received: from shako.sk.tsukuba.ac.jp ([130.158.97.161]:57469) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xa0VY-0006aD-9F for emacs-devel@gnu.org; Fri, 03 Oct 2014 06:54:44 -0400 Original-Received: from uwakimon.sk.tsukuba.ac.jp (uwakimon.sk.tsukuba.ac.jp [130.158.99.156]) by shako.sk.tsukuba.ac.jp (Postfix) with ESMTP id 55D381C3ACA for ; Fri, 3 Oct 2014 19:54:35 +0900 (JST) Original-Received: by uwakimon.sk.tsukuba.ac.jp (Postfix, from userid 1000) id 49D971A2760; Fri, 3 Oct 2014 19:54:35 +0900 (JST) In-Reply-To: X-Mailer: VM undefined under 21.5 (beta34) "kale" acf1c26e3019 XEmacs Lucid (x86_64-unknown-linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 130.158.97.161 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:174949 Archived-At: Ted Zlatanov writes: > SJT> No, I really do mean "password-read". Mostly because not all > SJT> protocols demand authentication immediately on opening a stream. Eg, > SJT> many sites can be accessed with HTTP, will switch to HTTPS without > SJT> authentication of the client, then present an HTML document for > SJT> login. > > Clearly that's not possible, because the read password can be used at > any point by the Lisp code; it's just data from that point on. Sure, but most of the sites I access work that way. The TLS connection is basically anonymous, and authentication is done over that connection. If the site presents a certificate, then you can be pretty sure it's the right site to give your credentials to, and the site is happy because it doesn't give you anything but a login screen until you do give it your credentials, at which point you know the site and the site knows you and you can do your business together. > Do you mean we should be able to send a password directly to a > network or process stream at the C level? That makes a lot of sense > to me and connects to the idea of "secret" data in the Emacs core. No, I don't mean anything like that. That may be the right idea, but I haven't thought carefully about it. I'm just telling you that we can't depend on sites demanding authentication during the connection process.