From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: Opportunistic STARTTLS in smtpmail.el Date: Thu, 02 Jun 2011 09:20:50 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87wrh4b9h9.fsf@lifelogs.com> References: <87liyndz5l.fsf@lifelogs.com> <87y61nnpoq.fsf@lifelogs.com> <87fwnuacc5.fsf@lifelogs.com> <878vtmo081.fsf@lifelogs.com> <87tycamhmv.fsf@lifelogs.com> <87pqmxvfoh.fsf@lifelogs.com> <87sjrttwh8.fsf@lifelogs.com> Reply-To: emacs-devel@gnu.org NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1307024701 12491 80.91.229.12 (2 Jun 2011 14:25:01 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Thu, 2 Jun 2011 14:25:01 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Jun 02 16:24:57 2011 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1QS8pU-00088Q-S2 for ged-emacs-devel@m.gmane.org; Thu, 02 Jun 2011 16:24:57 +0200 Original-Received: from localhost ([::1]:54992 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QS8pT-000233-Ob for ged-emacs-devel@m.gmane.org; Thu, 02 Jun 2011 10:24:55 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:45680) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QS8lq-0001Ky-FC for emacs-devel@gnu.org; Thu, 02 Jun 2011 10:21:12 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QS8ln-0003Ic-Fb for emacs-devel@gnu.org; Thu, 02 Jun 2011 10:21:10 -0400 Original-Received: from lo.gmane.org ([80.91.229.12]:53411) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QS8lm-0003IH-W1 for emacs-devel@gnu.org; Thu, 02 Jun 2011 10:21:07 -0400 Original-Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1QS8ll-0005oK-8b for emacs-devel@gnu.org; Thu, 02 Jun 2011 16:21:05 +0200 Original-Received: from 38.98.147.130 ([38.98.147.130]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 02 Jun 2011 16:21:05 +0200 Original-Received: from tzz by 38.98.147.130 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 02 Jun 2011 16:21:05 +0200 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 102 Original-X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: 38.98.147.130 X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux) Cancel-Lock: sha1:CcAapB3bDYT2SB4TAa5MUFNezUw= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 80.91.229.12 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:140066 Archived-At: On Thu, 02 Jun 2011 09:24:38 -0300 Stefan Monnier wrote: SM> I'm not convinced it would be a good thing, but as long as we encourage SM> users to use authinfo.gpg, then any code using auth-source.el will want SM> to decide whether authentication is needed *before* calling auth-source SM> since that call may prompt the user for a password. SM> And if the code has to make that decision before calling auth-source, SM> there's no real benefit to having field-encryption. What you described does not require us to deprecate authinfo.gpg, only demote it. I think making it the second choice in the `auth-sources' list, as I suggested, is sufficient, and will let users who have already set it up keep using it without changing the default. On Thu, 02 Jun 2011 20:45:40 +0900 Daiki Ueno wrote: DU> That reminds me of Lars' post on the Gnus list: DU> http://article.gmane.org/gmane.emacs.gnus.general/77172 DU> in the discussion: DU> http://thread.gmane.org/gmane.emacs.gnus.general/77009/focus=77143 DU> where I suggested to have a separate file to store unencrypted DU> information along with authinfo.gpg. I can't remember what was the DU> conclusion :) The discussion petered out, and your proposal was . I think my current proposal is a continuation of http://thread.gmane.org/gmane.emacs.gnus.general/77009/focus=77208 where I propose something similar. The key difference is Lars' idea of encrypting only pieces of an otherwise unencrypted file. On Thu, 02 Jun 2011 22:44:59 +0900 Daiki Ueno wrote: DU> Ted Zlatanov writes: >> It will be less necessary as the first `auth-sources' choice, but still >> useful, as Robert noted (I see case 2 as "encrypted tokens" since any >> token can be encrypted in my proposal). DU> Could you define the word "token"? I have thought that it is an opaque DU> value which connects unencrypted data to encrypted data. However, it DU> seems not. In netrc files, tokens are any keys or values. Unfortunately the word is overused and confusing in our context. Sorry. I'll use "netrc field encryption" from now on. >> I'll simply make `auth-sources' ("~/.authinfo" "~/.authinfo.gpg") >> >> which as a default will work fine. Creation prompts will target the >> first one. The users can put insecure or token-encrypted data in the >> first one and use the second one for more secure storage. DU> Though I can't say anything without the detail of your proposal, I feel DU> you are oversimplifying. Why? Have you tried it? It will work immediately, without any code changes. The netrc field encryption is an add-on that doesn't affect the general `auth-sources' and `auth-source-search' interaction. DU> Anyway I will be happy if: DU> - Gnus does not ask password when connecting to password-less services It doesn't. EPA/EPG may ask for a passphrase if `auth-sources' points to a GPG-encrypted file, when and if `auth-source-search' hits that file. Usually :max 1 is specified for `auth-source-search' so it will stop after the first match. So, assuming my proposed change to `auth-sources' above is installed, if ~/.authinfo is unencrypted and the user puts parameters there, there should be no prompting at all because `auth-source-search' won't hit ~/.authinfo.gpg. DU> - Gnus does not store my passwords in plain text files by default That's a personal preference. It's inevitable, for instance, to use the ~/.netrc unencrypted file if you want libcurl to authenticate HTTP. So if you are forced into that situation (e.g. because you must use Git), you may as well use ~/.netrc as an `auth-sources' entry. The netrc field encryption will alleviate this problem but IMO it must be at least the user's decision and we can't pick a default that will make everyone happy. DU> - Gnus can hide server or user names (or other attributes) if necessary The netrc field encryption will work on any value, not just passwords. You could even use it on keys, though that seems silly. DU> Otherwise, no persistent password store is much better for me... You could also use the Secrets API or propose a new `auth-sources' backend that fits your needs (your expertise is greatly appreciated). I like the idea of a pure-data backend, for instance, where all the data is in the `auth-sources' entry directly. I would implement it if people needed it, but it seems everyone prefers data formats they can share with programs outside Emacs. Ted