Re: more on starttls, gnutls-cli and using tls for mail

[Tim Cross]

On Tue, Aug 16, 2011 at 1:21 AM, Roland Winkler <address@hidden> wrote:
> On Sun Aug 14 2011 Karl Fogel wrote:
>> Offering encryption is great, but it's also very complex and
>> error-prone (as the bug reports show). There will always be a
>> plaintext case, since users cannot be required to have GPG-like
>> software installed. In the plaintext case, we could behave better
>> than we do.
>
> I see, yes, your perspective is yet different but equally valid!
>
>> But it sounds like we probably agree on this too, and I should
>> just make the change :-).
>
> What kind of solution you have in mind? Just changing the file mode
> bits?  Could it also help to use ~/.emacs.d?
>
> Roland
>
>

Changing the mode of the file would seem like a minimal first
necessary step. Programs like ssh and gpg make sure that files they
manage have good/sound access permissions and emacs should do the same
with potentially sensitive data like this. Things like ssh even go so
far as to refuse to operate if certain files don't have a resrictive
(user only) access mode.

As to whether these files should go into .emacs.d, I'm not sure. I
guess it does reduce clutter within the home directory, but I don't
think it aids much to security.

It probably wouldn't be a bad idea if emacs, when detecting a palin
text authinfo file, did perhaps suggest using encryption and provide a
link to more information. However, how to do this and not end up with
something which continually nags people who have made the concious
decision not to encrypt is possibly mroe effort than its worth.

Tim