Re: smime.el: security concerns?
From: timotheus
Subject: Re: smime.el: security concerns?
Date: Fri, 13 Jul 2007 13:09:54 -0400
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/23.0.51 (gnu/linux)
Reiner Steib <address@hidden> writes:
> On Fri, Jul 13 2007, timotheus wrote:
>
>> ... `smime.el' has some security, feature, and
>> ease-of-use concerns too.
>
> If there are any security concerns wrt `smime.el', please report them.
>
> Bye, Reiner.
> --
It is more a matter of opinion, but I once noticed the following with
`smime.el'.
- `call-process' / `call-process-region' (temporary files in /tmp/?)
- environment variable(s) for password passing
- documentation encourages use of un-passworded .pem
- password caching via elisp instead of external agent
- personally avoid, even for tramp + SSH
- the very manual .pem key/crt setup was tricky
Some of them you mention in the comments. EasyPG mentions some of them
in its comments/docs wrt other Emacs cryptography libraries. Not a big
deal, perhaps.
-timotheus