Re: Opportunistic STARTTLS in smtpmail.el

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Opportunistic STARTTLS in smtpmail.el

From:	Ted Zlatanov
Subject:	Re: Opportunistic STARTTLS in smtpmail.el
Date:	Tue, 03 May 2011 20:37:10 -0500
User-agent:	Gnus/5.110016 (No Gnus v0.16) Emacs/24.0.50 (gnu/linux)

On Wed, 04 May 2011 00:04:06 +0200 Lars Magne Ingebrigtsen <address@hidden> 
wrote: 

LMI> Ted Zlatanov <address@hidden> writes:
>> For example:
>> 
>> (setq auth-sources '((:source (:user tzz :keyfile "mykeyfile" :host "myhost" 
>> :port 587))
>> "~/.authinfo.gpg"))
>> 
>> I think that's cleaner since the inlined data maps nicely to the netrc 
>> format.

LMI> Won't this still require opening the ~/.authinfo.gpg file, or does it
LMI> stop searching after you've find the first match?

With :max 1 it will stop after the first match.  This is why I usually
specify :max 1 when I use `auth-search'.

LMI> Anyway, I don't really like having long, complicated user-exposed
LMI> variables.  Users usually mess them up.  Putting stuff like this in a
LMI> file seems like a nice feature.  

OK.

LMI> That is, if we allow lines like

LMI> machine smtp.mail.host login foo password .secrets.gpg:smtp1 port smtp 
keyfile mykeyfile

LMI> in ~/.authinfo and then have a ~/.secrets.gpg file with

LMI> smtp1 password bar

LMI> we could allow mixing the queries for open and secret credentials.

I see.  I think we can avoid this kind of complication:

LMI> The typical usage will be

LMI> (auth-source-search :host "smtp.mail.hos" :port "smtp")

LMI> which would return an auth-source object, but will not read
LMI> ~/.secrets.gpg.  If we look at elements like :keyfile, we'll find the
LMI> :keyfile element.  If, however, we try to access the :password element,
LMI> auth-source.el will *then* open ~/.secrets.gpg, read it, and return the
LMI> password.

LMI> So we defer reading the ~/.secrets.gpg file to the very last possible
LMI> moment -- which is when we know that we actually need it.

Let the user choose.  The query is:

(auth-source-search :host "smtp.mail.hos" :port "smtp" :keyfile t :max 1)

to find the first entry that has a keyfile and

(auth-source-search :host "smtp.mail.hos" :port "smtp" :secret t :max 1)

to find the first entry that has a secret.  So these two lines:

machine smtp.mail.hos port smtp keyfile xyz
machine smtp.mail.hos port smtp password mypass login myuser

can be separated into a plain file and an encrypted file, or combined:

machine smtp.mail.hos port smtp password mypass login myuser keyfile xyz

which as a single line can live in a plain file or an encrypted file.

Ted

[Prev in Thread]

Current Thread

[Next in Thread]

Opportunistic STARTTLS in smtpmail.el (was: Emacs RPC security), (continued)

Prev by Date: Re: [PATCH] GnuTLS support on Woe32
Next by Date: Re: client certs and CRL lists for GnuTLS
Previous by thread: Re: Opportunistic STARTTLS in smtpmail.el
Next by thread: Re: Opportunistic STARTTLS in smtpmail.el
Index(es):
- Date
- Thread