From: Stefan Monnier
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
Date: Fri, 29 Apr 2011 13:22:27 -0300
To: Michal Nazarewicz
Cc: Michal Nazarewicz, emacs-devel@gnu.org
In-Reply-To: <835b9d42b15c18e5adf7381138f347061fbc17e8.1298381336.git.mina86@mina86.com> (Michal Nazarewicz's message of "Tue, 22 Feb 2011 14:55:00 +0100")

> +In some situations however, it can be difficult to share randomly
> +generated password with remote hosts (eg. no shared directory),

ssh/scp work fine for me.

> +so you can set the key with this variable and then copy server
> +file to remote host (with possible changes to IP address and/or
> +port if that applies).

IIUC this only makes sense if you want to use a shared key that you keep
for a "long" time (since the intention is to reduce the frequency of
key-distribution).

Now the server keys are sent in the clear over the network, so the security
we provide is rather minimal. OT1H that means your patch should be OK since
we don't really have security anyway. OTOH it means that it makes the
security threat more serious.

        Stefan

PS: emacsclient should really try not to send the key in cleartext, but
instead send something like "nonce,hash(nonce,key)".
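
Review bot: The quoted docstring lines ("so you can set the key with this variable and then copy server file to remote host") recommend a fixed key without telling the user what that costs. A key set this way is reused across server restarts, and as the reply notes it is sent in the clear, so one captured connection exposes it until the user changes it by hand. Suggest adding a sentence to the docstring saying so and pointing users at ssh/scp or a tunnel when the hosts are not on a trusted network. Wording: "eg." should be "e.g.", and the text is missing articles ("a randomly generated password", "the server file", "the remote host").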
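
The "nonce,hash(nonce,key)" idea from the PS, as an added Python sketch that is not code from Emacs, emacsclient or this patch. Assumptions: HMAC-SHA256 stands in for "hash", the nonce is chosen by the client, the server remembers accepted nonces so a captured message cannot be replayed, and the names `AuthServer` and `client_auth` are hypothetical.

```python
import hashlib
import hmac
import secrets


class AuthServer:
    """Server side: checks "nonce,hash(nonce,key)" and rejects reused nonces."""

    def __init__(self, key):
        self.key = key
        # Assumption: accepted nonces are remembered for the lifetime of the key.
        # Without this, a sniffed message would authenticate again when replayed.
        self.seen = set()

    def verify(self, message):
        nonce_hex, sep, tag_hex = message.partition(",")
        if not sep:
            return False
        try:
            nonce = bytes.fromhex(nonce_hex)
            tag = bytes.fromhex(tag_hex)
        except ValueError:
            return False
        if len(nonce) < 16 or nonce in self.seen:
            return False  # nonce too short to be unique, or a replayed capture
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        # Constant-time comparison, so timing does not leak the expected tag.
        if not hmac.compare_digest(expected, tag):
            return False
        self.seen.add(nonce)
        return True


def client_auth(key, nonce=None):
    """Client side: build the auth string; the key itself is never transmitted."""
    if nonce is None:
        nonce = secrets.token_bytes(16)
    tag = hmac.new(key, nonce, hashlib.sha256).hexdigest()
    return f"{nonce.hex()},{tag}"


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-one"  # constructed sample value
    server = AuthServer(key)
    msg = client_auth(key)
    print("first use :", server.verify(msg))   # accepted
    print("replay    :", server.verify(msg))   # rejected, nonce already seen
    print("wrong key :", server.verify(client_auth(b"some-other-key")))
```

This keeps the key off the wire only; it does not encrypt or authenticate anything sent after the handshake.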