[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: smime.el: security concerns?
From: |
Richard Stallman |
Subject: |
Re: smime.el: security concerns? |
Date: |
Fri, 13 Jul 2007 19:08:57 -0400 |
- `call-process' / `call-process-region' (temporary files in /tmp/?)
- environment variable(s) for password passing
- documentation encourages use of un-passworded .pem
- password caching via elisp instead of external agent
- personally avoid, even for tramp + SSH
- the very manual .pem key/crt setup was tricky
We have eliminated the same problems in the rest of Emacs; shouldn't
we fix smime.el to get rid if them too?