From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: secure plist store
Date: Wed, 29 Jun 2011 07:38:53 -0500
Message-ID: <87sjqsrew2.fsf@lifelogs.com>
In-Reply-To: 87wrg4kh7p.fsf-ueno@unixuser.org

On Wed, 29 Jun 2011 20:30:34 +0900 Daiki Ueno <ueno@unixuser.org> wrote:

DU> Ted Zlatanov <tzz@lifelogs.com> writes:
DU> Not really - GPG2 passphrase caching is smarter than elisp level caching
DU> as it uses a unique ID embedded in GPG data, so it allows the user to share
DU> passphrases even among multiple Emacs processes.
>>
>> ...so you're saying we don't benefit from a feature we can't use? What
>> are we supposed to change or improve?

DU> OK, honestly, I would say that it won't work with GPG2 since GPG2 does
DU> always do the password operation in the agent. Have you tried that?

I'm not sure what you're asking, unfortunately. What do you want me to try?

>> The nicest thing about the netrc format, IMHO, is that other programs
>> understand it.

DU> What other programs use GPG encrypted netrc?

You mean fully encrypted (authinfo.gpg)? None; that format, however, is
the only one available that offers full encryption. The field
encryption (GPG tokens) is backwards compatible and no other programs
support decrypting those tokens yet (although I would push for it in
libcurl, for example).

DU> What other programs write passwords automatically into that file?

Why does that matter? It's a convenience we offer. Most other programs
that use it fail silently if the credentials are not in there; we ask to
save instead. That seems a good choice to me but I want to listen and
change things if there are better ways to do it. So far Stefan Monnier
and you have complained about the *prompting* and I've tried to fix the
prompting issues that Stefan noted in a long bug thread. But no one has
complained about the *functionality* or asked to change it.

DU> IMHO, these are very ad-hoc approaches and causing unnecessary
DU> complexities.

Perhaps you could recommend a better way. Besides the Secrets API,
which does not work across platforms, I'm not aware of one.

>> Editing the netrc directly is not a power user feature. They are very
>> easy to read and understand. I have shown dozens of people with various
>> skill levels how to use them and the only question they tend to ask is
>> "what about spaces in the password?"

DU> I guess that file is edited when a user is accessing some machines
DU> frequently with legacy clients (like ~/.rhosts).

Git+libcurl use the netrc file, for instance. It's the only way to
provide passwords for Git over HTTP AFAIK.

DU> I really hope that Gnus does the password caching in a more suckless
DU> way, as modern clients like Thunderbird do, at least by default.

What are you talking about when you say "password caching"? There are
at least 3 pieces:

- searching for credentials and using them (host, port, user name, secret)
- saving credentials for the session
- saving credentials permanently

Not to mention the EPA/EPG interaction with the .gpg files, where it
sometimes needs to ask for the passphrase.

DU> For my case, I have never edited netrc by hand. After upgrading to Gnus
DU> in Emacs 24, it started asking with a confusing multiple-choice question
DU> to save the password, and I answered the question with "y" without
DU> reading the help carefully. Then, from the next time, it started asking
DU> passwords unwanted timing - really annoying, and it shouldn't be the
DU> default behavior for new users.

I'm trying to understand the problem of "unwanted timing." Do you mean
you're getting prompted for your credentials repeatedly? What Gnus
backend are you talking about? Set `auth-source-debug' to 'trivia and
check the *Messages* buffer to see what `auth-source-search' calls are
failing; that's a good first step to understand what's wrong.

In general, if you don't think we should be asking for passwords, how
would you suggest we behave when passwords are needed, e.g. for IMAP?
Would you rather see something like assistant.el employed to do a
multi-step configuration, and then when credentials are missing we
simply say "sorry but you have to redo the setup for service X" or ask
for the credentials immediately? I think that's what most other MUAs
do, with some small variations. They usually save the credentials to a
place that only works for that MUA.

Ted
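
The debugging step suggested in the message above (set `auth-source-debug' to 'trivia, then see which `auth-source-search' calls fail) can be run as a single probe. This is an added example, not part of the original message and not code from Gnus or auth-source; the function name `my/auth-source-probe' and the host, port and user values are constructed placeholders.

```elisp
;;; Added example -- hypothetical helper, not from the original message.
(require 'auth-source)

(defun my/auth-source-probe (host port user)
  "Run one `auth-source-search' for HOST, PORT and USER with trivia logging.
Return the matching entry (a plist) or nil.  The secret is never printed."
  (let* ((auth-source-debug 'trivia) ; log each backend lookup to *Messages*
         (auth-source-do-cache nil)  ; skip the session cache so backends are queried
         ;; No :create key is passed, so a missing entry returns nil
         ;; instead of prompting to save new credentials.
         (entry (car (auth-source-search :host host :port port :user user
                                         :max 1
                                         :require '(:user :secret)))))
    (if entry
        (message "auth-source probe: found user=%s host=%s port=%s (secret present: %s)"
                 (plist-get entry :user)
                 (plist-get entry :host)
                 (plist-get entry :port)
                 (if (plist-get entry :secret) "yes" "no"))
      (message "auth-source probe: nothing for %s@%s:%s; sources searched: %S"
               user host port auth-sources))
    entry))

;; Constructed sample call; substitute the server the failing backend uses.
(my/auth-source-probe "imap.example.org" "imap" "alice")
```

Both variables are let-bound, so the debug level and caching behaviour return to their previous values once the probe finishes.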