From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Daiki Ueno <ueno@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5
Date: Wed, 05 Feb 2014 17:19:13 +0900
Message-ID: <m3ha8ex98e.fsf-ueno@gnu.org>
References: <87ha8f3jt1.fsf@building.gnus.org>
	<jwv61ovmv91.fsf-monnier+emacs@gnu.org>
	<87ppn2qz0f.fsf@building.gnus.org>
	<jwvk3dajo2w.fsf-monnier+emacs@gnu.org> <87y51qcace.fsf@lifelogs.com>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1391588355 13557 80.91.229.3 (5 Feb 2014 08:19:15 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Wed, 5 Feb 2014 08:19:15 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Feb 05 09:19:24 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1WAxha-0005mi-MN
	for ged-emacs-devel@m.gmane.org; Wed, 05 Feb 2014 09:19:22 +0100
Original-Received: from localhost ([::1]:57879 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1WAxha-0006Us-3U
	for ged-emacs-devel@m.gmane.org; Wed, 05 Feb 2014 03:19:22 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36869)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ueno@gnu.org>) id 1WAxhX-0006Um-HH
	for emacs-devel@gnu.org; Wed, 05 Feb 2014 03:19:20 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ueno@gnu.org>) id 1WAxhW-0006NY-5r
	for emacs-devel@gnu.org; Wed, 05 Feb 2014 03:19:19 -0500
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:53544)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ueno@gnu.org>)
	id 1WAxhW-0006NU-3N
	for emacs-devel@gnu.org; Wed, 05 Feb 2014 03:19:18 -0500
Original-Received: from du-a.org ([2001:e41:db5e:fb14::1]:42959
	helo=localhost.localdomain)
	by fencepost.gnu.org with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <ueno@gnu.org>) id 1WAxhV-0001bi-IO
	for emacs-devel@gnu.org; Wed, 05 Feb 2014 03:19:17 -0500
In-Reply-To: <87y51qcace.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 05
	Feb 2014 02:00:49 -0500")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2001:4830:134:3::e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:169408
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/169408>

Ted Zlatanov <tzz@lifelogs.com> writes:

> Please see my objection to loose coupling of encryption primitives in
> particular.

Didn't I post a link to the idea of this loose coupling?  It is mainly
for security reasons.  For example, there's usually a limit of secure
memory and it makes sense to do all the secret key operation in a
minimal core (gpg-agent) to utilize it.

I don't think you can provide the same level of security using
encryption primitives within Emacs.

> Right.  Shelling out to an external binary every time you want to verify
> a package's signature or want to encrypt/decrypt/sign data makes perfect
> sense.

At least it works at acceptable performance now.

> Blindly entering your passphrase in an anonymous popup that says it's
> from the GnuPG agent is how things are done.

This could be fixed.  Sounds definitely easier than importing plenty of
crypto primitives from a C library.

> Trusting loosely coupled components is standard industry practice.

See above.

> Forcing users to do all of that, or "no encryption for you" is for their
> own good, on every platform where Emacs runs, from Android to W32 to Mac
> OS X to many flavors of Unix.  Users are just too stupid to decide these
> things on their own.

I don't get it.  Are there any platforms where Emacs work, while GPG
does not?

> Is that how experts with a crypto/security background do it?  I'm
> understanding now.

Better than letting you write encryption code for me.

Case study (sorry Jose):
https://lists.gnu.org/archive/html/bug-recutils/2012-04/msg00001.html

I can easily imagine you will make similar (or more serious) mistakes
here and there, once crypto primitives are available.
-- 
Daiki Ueno