From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5 Date: Sat, 08 Feb 2014 11:59:55 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87wqh5a6b8.fsf@lifelogs.com> References: <87ha8f3jt1.fsf@building.gnus.org> <87ppn2qz0f.fsf@building.gnus.org> <87y51qcace.fsf@lifelogs.com> <874n4e3rkm.fsf@uwakimon.sk.tsukuba.ac.jp> <87txcdd6d0.fsf@lifelogs.com> <87wqh8n877.fsf@uwakimon.sk.tsukuba.ac.jp> <87lhxocvfq.fsf@lifelogs.com> <87sirwmgd9.fsf@uwakimon.sk.tsukuba.ac.jp> <87d2j0ck3q.fsf@lifelogs.com> <87y51nb0jk.fsf@lifelogs.com> <87vbwqm3b6.fsf-ueno@gnu.org> Reply-To: emacs-devel@gnu.org NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1391878808 8813 80.91.229.3 (8 Feb 2014 17:00:08 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 8 Feb 2014 17:00:08 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Feb 08 18:00:17 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1WCBGJ-0006Of-2a for ged-emacs-devel@m.gmane.org; Sat, 08 Feb 2014 18:00:15 +0100 Original-Received: from localhost ([::1]:47292 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WCBGI-0007lW-OV for ged-emacs-devel@m.gmane.org; Sat, 08 Feb 2014 12:00:14 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:55752) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WCBG9-0007Yz-Q6 for emacs-devel@gnu.org; Sat, 08 Feb 2014 12:00:10 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WCBG5-0003DV-ET for emacs-devel@gnu.org; Sat, 08 Feb 2014 12:00:05 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]:33654) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WCBG5-0003B7-8j for emacs-devel@gnu.org; Sat, 08 Feb 2014 12:00:01 -0500 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1WCBG3-00069b-TJ for emacs-devel@gnu.org; Sat, 08 Feb 2014 17:59:59 +0100 Original-Received: from c-98-229-61-72.hsd1.ma.comcast.net ([98.229.61.72]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 08 Feb 2014 17:59:59 +0100 Original-Received: from tzz by c-98-229-61-72.hsd1.ma.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 08 Feb 2014 17:59:59 +0100 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 48 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: c-98-229-61-72.hsd1.ma.comcast.net X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) Cancel-Lock: sha1:TZT8gnKV8+B0DQAmrPAhu1CmeB8= X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.229.3 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:169493 Archived-At: On Sat, 08 Feb 2014 17:11:41 +0900 Daiki Ueno wrote: DU> Ted Zlatanov writes: >> design, is hard to use securely as an API. As proof, consider the Java >> libraries to implement OpenPGP internally (BouncyCastle). Similar >> situation in Go (http://godoc.org/code.google.com/p/go.crypto/openpgp). >> >> Is Emacs so different from those platforms, given applications like Gnus >> and Magit and eww? DU> Isn't it because those platforms provide more advanced memory management DU> mechanisms than Emacs? I think it's for more practical reasons, like "we don't want to force our user base to use GnuPG because it doesn't work for everyone." That's my guess. DU> I was talking about the risk of keeping passwords in Emacs memory DU> for a long time, as string copy also happens in GC. OK. >> I feel that, unless we wish to blame the user for not locking their >> desktop, Emacs should at least try to protect such passwords in its >> own "secure core." It's surely possible and, I honestly believe, a >> worthy goal. I think for that goal to happen *some day* we need the >> crypto primitives GnuTLS/libnettle/libhogweed provide, so we don't >> have to write our own. DU> Elisp access to crypto primitives doesn't help this either. It must be DU> entirely written in C then, including IMAP protocol support. I agree that the solution must be comprehensive and I mentioned ELisp access could be considered a "tainting" of the secret data. I don't think ELisp access to the crypto primitives is required, but for ERT testing for instance it could be allowed with an explicit command-line option. DU> By the way, speaking of IMAP, SASL-based authentication is currently DU> written in Elisp here and there. Perhaps it could be rewritten with DU> libgsasl? I think this is a concrete use-case, much convincing than DU> Elisp access to crypto primitives. I think that would be good and doing it through FFI would be a good use of that facility, when it's available. I would assume the lisp/net/sasl.el you wrote is the natural integration point. Ted