From: Juanma Barranquero <lekktu@gmail.com>
To: Michal Nazarewicz <mina86@mina86.com>
Cc: Michal Nazarewicz <mnazarewicz@google.com>,
Stefan Monnier <monnier@iro.umontreal.ca>,
emacs-devel@gnu.org
Subject: Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
Date: Sun, 1 May 2011 01:59:25 +0200 [thread overview]
Message-ID: <BANLkTime=DP2JrxOgP2HCPN0GT46RacZSQ@mail.gmail.com> (raw)
In-Reply-To: <87fwoz5oz1.fsf@erwin.mina86.com>
2011/5/1 Michal Nazarewicz <mina86@mina86.com>:
> Depending on how paranoid are we, MD5 could feel too weak though.
> (Also, one could wish for HMAC.)
I am not feeling particularly paranoid just now, seeing as we've been
using a cleartext authentication key for the past few years...
> Actually, server would have to generate the nonce. Otherwise, the
> authentication scheme would be prone to replay attacks and would really
> defy the purpose of nonce.
OK, I in fact prefer to generate the nonce in elisp.
> That would still break backward compatibility, wouldn't it? The old
> servers would not accept this command anyway. Unless server would issue
> it to client just after making connection. From what I see, the old
> clients would "only" print error message.
Yeah, but a failed -auth closes the connection and deletes the
process, while an unknown command just issues an error message. One
way or another, I don't think we can avoid the error message on the
emacsclient side.
> In the worst case, the client could first try the new authenticating
> scheme and on error reconnect with the old scheme.
Yes, but as the connection is closed, that adds a bit of complexity to
emacsclient that I'd like to avoid if possible.
Juanma
next prev parent reply other threads:[~2011-04-30 23:59 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-22 13:55 [PATCH] lisp/server.el: Introduction of server-auth-key variable Michal Nazarewicz
2011-04-29 11:30 ` Juanma Barranquero
2011-04-29 11:42 ` Michal Nazarewicz
2011-04-29 12:02 ` Juanma Barranquero
2011-04-29 12:43 ` Michal Nazarewicz
2011-04-29 14:34 ` Michal Nazarewicz
2011-04-30 6:39 ` Eli Zaretskii
2011-04-30 21:03 ` Richard Stallman
2011-04-30 22:24 ` Michal Nazarewicz
2011-04-29 16:22 ` Stefan Monnier
2011-04-29 16:35 ` Michal Nazarewicz
2011-04-29 17:09 ` Stefan Monnier
2011-04-30 14:31 ` Juanma Barranquero
2011-04-30 22:55 ` Michal Nazarewicz
2011-04-30 23:59 ` Juanma Barranquero [this message]
2011-05-01 0:44 ` Michal Nazarewicz
2011-05-01 0:58 ` Juanma Barranquero
2011-05-01 1:22 ` Michal Nazarewicz
2011-05-02 15:28 ` [PATCHv2] " Michal Nazarewicz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='BANLkTime=DP2JrxOgP2HCPN0GT46RacZSQ@mail.gmail.com' \
--to=lekktu@gmail.com \
--cc=emacs-devel@gnu.org \
--cc=mina86@mina86.com \
--cc=mnazarewicz@google.com \
--cc=monnier@iro.umontreal.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.