Re: Opportunistic STARTTLS in smtpmail.el

[Ted Zlatanov]

On Tue, 31 May 2011 22:29:51 -0300 Stefan Monnier <address@hidden> wrote: 

>> (Just to be clear: my proposed format is
>> "login joe password gpg:ABCD123456" where the gpg: data decodes to
>> ((data "mysecret") (salt "mysalt")) and no other values besides the
>> data are used outside; a gpg: value can only yield one piece of
>> data and only needs to be decoded when you need the actual data.)

SM> I have a question about this: does the Gnome keychain tool (as well as
SM> comparable tools for other systems) offer the possibility to know if
SM> a password exists without having first granted access to that
SM> password?

Yes, you can usually search without retrieving the secret.  But why does
it matter what the Gnome tools do?  The netrc format is not connected to
the Secrets API or any other keychain-style backends at all.

SM> If not, then we will need an smtpmail-use-auth variable anyway, so the
SM> above gymnastic will be unnecessary.

I think it's necessary no matter what.  We've had several suggestions
(from me, Lars, and Daiki Ueno) for something like what I'm proposing.
It's definitely useful.

Speaking of which, I think in addition to gpg: tokens we should support
crypt: tokens (using the native OS crypt call) and MD4 or some other
symmetric cipher simple enough to implement in ELisp.  GPG is not
necessarily available or wanted.

Ted