Re: GNU Emacs-libnettle-libhogweed integration patch v1

[Stefan Monnier <monnier@iro.umontreal.ca>]

> I certainly hope others see the utility of the work, especially so I can
> implement OpenPGP support and avoid depending on the external GnuPG
> binary for verifying package signatures.

Yes, we've been through this in the past, and my position is still the
same: I don't want to have to maintain an OpenPGP implementation in
Emacs when we can outsource this maintenance to the GPG guys.  We have
enough trouble with code we can't outsource.  Especially for code that
touches security and cryptography where it's all too easy to make very
subtle mistakes.

IOW I wouldn't oppose bindings to a libgpg on the same grounds (tho
such bindings probably wouldn't be very useful if all they do is
replace a dependency on "external gpg executable" with a dependency on
libgpg, where libgpg is not more likely to be installed than gpg).

> It would also let me implement binary signatures of Emacs data (to
> make sure it's not corrupted)

I don't know what that is.

> and true secrets (Lisp data strings that can't be decoded without the
> right key).

We try our best to make sure Emacs doesn't crash on the user.
That's a very far cry from making Emacs code sufficiently secure that
the data we keep in Emacs heap can be considered secret.
And even besides latent security holes, I don't even know how you
intend to make such a "secret" work (who'd be prevented from
seeing/using it?).

IOW it's much too hypothetical to justify accepting such bindings.

> the Nettle patch is accepted, so it would have been nice to state your
> opposal earlier.  I certainly stated my intentions clearly.

I stated it many times already in earlier discussions.


        Stefan