From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Carsten Mattner Newsgroups: gmane.emacs.devel Subject: Re: NaCl support for Emacs Date: Mon, 9 Jan 2012 18:48:58 +0100 Message-ID: References: <87wr976otx.fsf@lifelogs.com> <87ipkq6yy5.fsf@lifelogs.com> <87boqi6tzz.fsf@linux-hvfx.site> <87ehve3ul8.fsf@lifelogs.com> <87lipl22xm.fsf@lifelogs.com> <87boqh20ha.fsf@lifelogs.com> <871urc46c9.fsf@uwakimon.sk.tsukuba.ac.jp> <739bsoysp.fsf@news.eternal-september.org> <87ty47r5yt.fsf@lifelogs.com> <87k452p5u3.fsf@lifelogs.com> <87liphne9e.fsf_-_@lifelogs.com> <87boqcn76b.fsf@lifelogs.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: dough.gmane.org 1326131358 29184 80.91.229.12 (9 Jan 2012 17:49:18 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Mon, 9 Jan 2012 17:49:18 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Jan 09 18:49:14 2012 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1RkJLN-0001UZ-Qa for ged-emacs-devel@m.gmane.org; Mon, 09 Jan 2012 18:49:14 +0100 Original-Received: from localhost ([::1]:58693 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RkJLM-0007qY-VO for ged-emacs-devel@m.gmane.org; Mon, 09 Jan 2012 12:49:12 -0500 Original-Received: from eggs.gnu.org ([140.186.70.92]:50433) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RkJLG-0007o8-9M for emacs-devel@gnu.org; Mon, 09 Jan 2012 12:49:10 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RkJLA-00042j-Al for emacs-devel@gnu.org; Mon, 09 Jan 2012 12:49:06 -0500 Original-Received: from mail-wi0-f169.google.com ([209.85.212.169]:46800) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RkJLA-00042c-3b for emacs-devel@gnu.org; Mon, 09 Jan 2012 12:49:00 -0500 Original-Received: by wibhq12 with SMTP id hq12so4018960wib.0 for ; Mon, 09 Jan 2012 09:48:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=kiLr8r278RjLEEuqcRsIerx53T3z6SrRwienRqWV6jA=; b=gDK5QaVPN+d9SQPw8qxOO27sVmOpc8KXoaPQLbMfknyooJSsT+2SS7c1ycNczTMd+O dr+V78KMsF+dCszAl15kl4VjOFXLy7IZyFG6STjKPb3I/1t6PeSvEgo5XaFYrwW4EXc3 rDlXdIyR/34mp27D3gqfKT7Hh3yvUKcY81Gk0= Original-Received: by 10.180.83.72 with SMTP id o8mr6349760wiy.22.1326131339171; Mon, 09 Jan 2012 09:48:59 -0800 (PST) Original-Received: by 10.223.96.75 with HTTP; Mon, 9 Jan 2012 09:48:58 -0800 (PST) In-Reply-To: <87boqcn76b.fsf@lifelogs.com> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 209.85.212.169 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:147524 Archived-At: 2012/1/9 Ted Zlatanov : > On Mon, 9 Jan 2012 17:43:58 +0100 Carsten Mattner wrote: > > CM> On Mon, Jan 9, 2012 at 4:30 PM, Stefan Monnier wrote: >>>> I'm interested in bringing in support for the NaCl cryptographic libra= ry >>>> for Emacs, after 24.1 is out. =A0There is info on NaCl here: >>> >>> While it might be an interesting feature to provide for future Elisp >>> packages, its immediate usefulness is much less obvious, so the kind of >>> compile-time linking model we use for things like libgnutls would not b= e >>> appropriate (e.g. Debian wouldn't want to add nacl as a dependency if >>> it's not actually used). >>> >>> OTOH that might be a good motivation to add support for dynamic loading >>> of extension libraries. > > CM> Only if NaCl's "Automatic CPU-specific tuning" can be done at run-tim= e > CM> and not only at compile-time. Ted, what's the status with that? > > If we manage it as a GNU ELPA package with an included tarball, so it's > downloaded and compiled locally, sure. =A0But otherwise yeah, it's not so > nice. =A0NaCl is a nice library with no community, AFAICT, and that's That sounds like a good plan :). > really my biggest concern about integrating with it. =A0There's no place > to propose changes or get updates. NaCl's design goals, implementation and patent cleanness make it attractive to anyone who's had to make use of any kind of cipher functionality. If there's no forum, I suggest addressing the authors listed in http://cr.yp.to/highspeed/coolnacl-20111201.pdf If you're bound by FIPS rules, your choices are limited and different. I wouldn't put much weight on that. djb has time and time again proven that his work is solid and provides less attack surface. Part of the reason that there's much asm code involved may be that NaCl avoids timing attacks by design. I'd definitely favor NaCl, just because they provide a simple API with know= n safe defaults. Way safer than using OpenSSL without a the required crypto background. Most bugs surface in combination of the different tools from a crypto lib, because too much code is written without being aware of all the semantics o= f the used ciphers and modes.