From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
To: emacs-devel@gnu.org
Subject: Re: Emacs RPC security
Date: Mon, 25 Apr 2011 14:43:47 -0500
Message-ID: <87sjt6jevg.fsf@lifelogs.com>

On Mon, 25 Apr 2011 11:17:02 -0700 Daniel Colascione wrote:

DC> On 4/25/11 11:02 AM, Ted Zlatanov wrote:
>> Of course, since the security is so weak right now, no one is using it
>> outside a limited one-user so you haven't seen any unusual cases. I
>> would use it personally as a remote password server so all my
>> auth-source data doesn't live on all the machines I use. I would also
>> use it to implement a remote synchronization facility for Gnus and BBDB.

DC> That's a fine goal, but you don't need to implement the requisite
DC> security in Emacs proper. stunnel will give you a secure channel and,
DC> with client certificates, can authenticate both parties.

I'd rather not rely on stunnel or any other external utilities. My
experience with supporting them with Gnus, especially for W32 users, has
been painful.

DC> I'd prefer not to have a GnuTLS server in Emacs right now.

Even if stunnel works for some cases, I don't see why you're against a
built-in GnuTLS server now. Are you concerned about performance and
memory usage, code bloat and maintenance cost, security issues,
documentation, user confusion, or something else? Or do you mean you
want to delay the functionality until something else is done?

Thanks
Ted