From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Daiki Ueno <ueno@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5
Date: Sat, 08 Feb 2014 17:11:41 +0900
Message-ID: <87vbwqm3b6.fsf-ueno@gnu.org>
References: <87ha8f3jt1.fsf@building.gnus.org>
	<jwv61ovmv91.fsf-monnier+emacs@gnu.org>
	<87ppn2qz0f.fsf@building.gnus.org>
	<jwvk3dajo2w.fsf-monnier+emacs@gnu.org> <87y51qcace.fsf@lifelogs.com>
	<874n4e3rkm.fsf@uwakimon.sk.tsukuba.ac.jp>
	<87txcdd6d0.fsf@lifelogs.com>
	<87wqh8n877.fsf@uwakimon.sk.tsukuba.ac.jp>
	<87lhxocvfq.fsf@lifelogs.com>
	<87sirwmgd9.fsf@uwakimon.sk.tsukuba.ac.jp>
	<87d2j0ck3q.fsf@lifelogs.com> <m3lhxnthns.fsf-ueno@gnu.org>
	<87y51nb0jk.fsf@lifelogs.com>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: ger.gmane.org 1391847109 15444 80.91.229.3 (8 Feb 2014 08:11:49 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sat, 8 Feb 2014 08:11:49 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Feb 08 09:11:58 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1WC313-0008PV-Et
	for ged-emacs-devel@m.gmane.org; Sat, 08 Feb 2014 09:11:57 +0100
Original-Received: from localhost ([::1]:45591 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1WC312-0005sM-UV
	for ged-emacs-devel@m.gmane.org; Sat, 08 Feb 2014 03:11:56 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:35270)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ueno@gnu.org>) id 1WC30z-0005sF-W4
	for emacs-devel@gnu.org; Sat, 08 Feb 2014 03:11:54 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ueno@gnu.org>) id 1WC30t-0000YU-DM
	for emacs-devel@gnu.org; Sat, 08 Feb 2014 03:11:53 -0500
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:59769)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ueno@gnu.org>)
	id 1WC30t-0000YQ-9Y
	for emacs-devel@gnu.org; Sat, 08 Feb 2014 03:11:47 -0500
Original-Received: from du-a.org ([2001:e41:db5e:fb14::1]:48224 helo=debian)
	by fencepost.gnu.org with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <ueno@gnu.org>) id 1WC30s-0008Ic-GL
	for emacs-devel@gnu.org; Sat, 08 Feb 2014 03:11:46 -0500
In-Reply-To: <87y51nb0jk.fsf@lifelogs.com> (Ted Zlatanov's message of "Fri, 07
	Feb 2014 06:54:39 -0500")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2001:4830:134:3::e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:169482
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/169482>

Ted Zlatanov <tzz@lifelogs.com> writes:

> design, is hard to use securely as an API.  As proof, consider the Java
> libraries to implement OpenPGP internally (BouncyCastle).  Similar
> situation in Go (http://godoc.org/code.google.com/p/go.crypto/openpgp).
>
> Is Emacs so different from those platforms, given applications like Gnus
> and Magit and eww?

Isn't it because those platforms provide more advanced memory management
mechanisms than Emacs?

> DU> - On the other hand, Emacs copies small strings around.  If passwords
> DU>   (normally not too long) are managed poorly in Emacs, they might appear
> DU>   repeatedly in a core file, when it crashes.
>
> Right, regardless of EPA/EPG's behavior, you *still* need passwords in
> the clear to open an IMAP connection, for instance.

I didn't mean one-time use of password like that.  I was talking about
the risk of keeping passwords in Emacs memory for a long time, as string
copy also happens in GC.

> I feel that, unless we wish to blame the user for not locking their
> desktop, Emacs should at least try to protect such passwords in its
> own "secure core."  It's surely possible and, I honestly believe, a
> worthy goal.  I think for that goal to happen *some day* we need the
> crypto primitives GnuTLS/libnettle/libhogweed provide, so we don't
> have to write our own.

Elisp access to crypto primitives doesn't help this either.  It must be
entirely written in C then, including IMAP protocol support.

By the way, speaking of IMAP, SASL-based authentication is currently
written in Elisp here and there.  Perhaps it could be rewritten with
libgsasl?  I think this is a concrete use-case, much convincing than
Elisp access to crypto primitives.
-- 
Daiki Ueno