From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/55760
Path: main.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: netrc.el now supports encoded files
Date: Tue, 06 Jan 2004 18:58:42 -0500
Organization: =?koi8-r?q?=F4=C5=CF=C4=CF=D2=20=FA=CC=C1=D4=C1=CE=CF=D7?= @
 Cienfuegos
Sender: ding-owner@lists.math.uh.edu
Message-ID: <4nfzesy6h9.fsf@collins.bwh.harvard.edu>
References: <4n3caut1yy.fsf@collins.bwh.harvard.edu>
	<q677k06orxc.fsf@L75001820.us.ray.com>
	<4nptdx99g3.fsf@collins.bwh.harvard.edu>
	<m2fzes7naz.fsf@catbert.dok.org>
	<4nwu84y967.fsf@collins.bwh.harvard.edu>
	<iluad50bqxj.fsf@latte.josefsson.org>
NNTP-Posting-Host: deer.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1073433613 25813 80.91.224.253 (7 Jan 2004 00:00:13 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Wed, 7 Jan 2004 00:00:13 +0000 (UTC)
Cc: ding@gnus.org
Original-X-From: ding-owner+M4300@lists.math.uh.edu Wed Jan 07 01:00:09 2004
Return-path: <ding-owner+M4300@lists.math.uh.edu>
Original-Received: from malifon.math.uh.edu ([129.7.128.13])
	by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian))
	id 1Ae17J-0000A3-00
	for <ding-account@gmane.org>; Wed, 07 Jan 2004 01:00:09 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by malifon.math.uh.edu with smtp (Exim 3.20 #1)
	id 1Ae176-0002Sw-00; Tue, 06 Jan 2004 17:59:56 -0600
Original-Received: from justine.libertine.org ([66.139.78.221] ident=postfix)
	by malifon.math.uh.edu with esmtp (Exim 3.20 #1)
	id 1Ae172-0002Sr-00
	for ding@lists.math.uh.edu; Tue, 06 Jan 2004 17:59:52 -0600
Original-Received: from clifford.bwh.harvard.edu (clifford.bwh.harvard.edu [134.174.9.41])
	by justine.libertine.org (Postfix) with ESMTP id D0CAB3A0026
	for <ding@gnus.org>; Tue,  6 Jan 2004 17:59:51 -0600 (CST)
Original-Received: from collins.bwh.harvard.edu (collins [134.174.9.80])
	by clifford.bwh.harvard.edu (8.10.2+Sun/8.11.0) with ESMTP id i06Nwk727973;
	Tue, 6 Jan 2004 18:58:46 -0500 (EST)
Original-Received: from collins.bwh.harvard.edu (localhost [127.0.0.1])
	by collins.bwh.harvard.edu (8.12.9+Sun/8.11.0) with ESMTP id i06NwguB021596;
	Tue, 6 Jan 2004 18:58:42 -0500 (EST)
Original-Received: (from tzz@localhost)
	by collins.bwh.harvard.edu (8.12.9+Sun/8.12.9/Submit) id i06NwgNb021593;
	Tue, 6 Jan 2004 18:58:42 -0500 (EST)
Original-To: Chris Green <cmg@dok.org>
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Followup-To: Chris Green <cmg@dok.org>, ding@gnus.org
In-Reply-To: <iluad50bqxj.fsf@latte.josefsson.org> (Simon Josefsson's
 message of "Wed, 07 Jan 2004 00:25:28 +0100")
User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3.50 (usg-unix-v)
Precedence: bulk
Xref: main.gmane.org gmane.emacs.gnus.general:55760
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:55760

On Wed, 07 Jan 2004, jas@extundo.com wrote:

> Perhaps several levels are useful.  But none of this is enabled by
> default, is it?  I mean, users have to request encryption of
> .authinfo for it to happen, right?

Right, netrc-encrypting-method has to be set to something right now.

> But I'm not sure I see the advantage of b64 over plain-text.

grep -i password /home/*/.??*

would not work, for instance, if trivial obfuscation is applied.
It's better that the user makes the file unreadable to outsiders, but
in reality users don't realize this if it happens.

> Anyway, it sounds more and more like this could be a separate
> package.  "encrypt.el" is available, AFAICT.  Using various hooks,
> such a package might be able to work without the cooperation of Gnus
> at all.  Then you could request automatic encryption/decrypt of
> ~/.newsrc.eld by saying (add-to-list 'encrypt-file-alist
> '("~/.newsrc.eld."  gpg-symmetric)) or something like that.

I think cooperation is good.  Trying to hide the reality of the
situation - that we're encoding files with external utilities or
internal functions - is sure to cause problems in the long run.  I see
it in crypt++.el, and it's not pretty.  It interferes with many
packages.

I'd prefer that Gnus use the functions below, which will revert to the
regular Emacs functions unless they see the file in
gnus-encrypt-file-alist as you suggest above.  It's sort of a
compromise, but I think trying to be too clever won't work :)

> But that sounds like work, so simply adding gpg support to netrc.el
> might be sufficient.

I think I'd like to start on gnus-encrypt.el.  These functions will
be available:

gnus-encrypt-insert-file-contents
gnus-encrypt-write-file-contents

and these variables:

gnus-encrypt-file-alist

The format of that variable: list of filenames or regular expressions
matched with an encrypting/decrypting method.  Methods:

'(gpg PUBKEY) ; RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
'(gpg CIPHER) ; 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
'(openssl CIPHER) ; too many to list
'(internal CIPHER) ; rijndael, RC4, XOR, Base64 etc.

What do you think?  Any comments before I start coding?

Thanks
Ted