Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5

From:	Ted Zlatanov
Subject:	Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5
Date:	Sat, 08 Feb 2014 11:59:55 -0500
User-agent:	Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Sat, 08 Feb 2014 17:11:41 +0900 Daiki Ueno <address@hidden> wrote: 

DU> Ted Zlatanov <address@hidden> writes:
>> design, is hard to use securely as an API.  As proof, consider the Java
>> libraries to implement OpenPGP internally (BouncyCastle).  Similar
>> situation in Go (http://godoc.org/code.google.com/p/go.crypto/openpgp).
>> 
>> Is Emacs so different from those platforms, given applications like Gnus
>> and Magit and eww?

DU> Isn't it because those platforms provide more advanced memory management
DU> mechanisms than Emacs?

I think it's for more practical reasons, like "we don't want to force
our user base to use GnuPG because it doesn't work for everyone."
That's my guess.

DU> I was talking about the risk of keeping passwords in Emacs memory
DU> for a long time, as string copy also happens in GC.

OK.

>> I feel that, unless we wish to blame the user for not locking their
>> desktop, Emacs should at least try to protect such passwords in its
>> own "secure core."  It's surely possible and, I honestly believe, a
>> worthy goal.  I think for that goal to happen *some day* we need the
>> crypto primitives GnuTLS/libnettle/libhogweed provide, so we don't
>> have to write our own.

DU> Elisp access to crypto primitives doesn't help this either.  It must be
DU> entirely written in C then, including IMAP protocol support.

I agree that the solution must be comprehensive and I mentioned ELisp
access could be considered a "tainting" of the secret data.  I don't
think ELisp access to the crypto primitives is required, but for ERT
testing for instance it could be allowed with an explicit command-line
option.

DU> By the way, speaking of IMAP, SASL-based authentication is currently
DU> written in Elisp here and there.  Perhaps it could be rewritten with
DU> libgsasl?  I think this is a concrete use-case, much convincing than
DU> Elisp access to crypto primitives.

I think that would be good and doing it through FFI would be a good use
of that facility, when it's available.  I would assume the
lisp/net/sasl.el you wrote is the natural integration point.

Ted

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, (continued)
- Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Ted Zlatanov, 2014/02/04
  - Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Paul Eggert, 2014/02/04
    - Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Ted Zlatanov, 2014/02/04
    - Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Paul Eggert, 2014/02/04
    - Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Ted Zlatanov, 2014/02/04
    - Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Paul Eggert, 2014/02/04
    - Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Ted Zlatanov, 2014/02/04
    - Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Lars Ingebrigtsen, 2014/02/04
    - Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5, Daiki Ueno, 2014/02/05

Prev by Date: Re: [PATCH] Add GPG compatible symmetric encryption command
Next by Date: Error in pre-redisplay-function
Previous by thread: Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5
Next by thread: Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5
Index(es):
- Date
- Thread