From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/64937
Path: news.gmane.org!not-for-mail
From: timotheus <timotheus@tstotts.net>
Newsgroups: gmane.emacs.devel,gmane.mail.mh-e.devel,gmane.emacs.gnus.general
Subject: Re: smime.el: security concerns?
Date: Fri, 13 Jul 2007 13:09:54 -0400
Message-ID: <m2tzs8b57h.fsf@tstotts.net>
References: <m2k5t6z30f.fsf@tstotts.net> <E1I968U-0002ug-Kc@fencepost.gnu.org>
	<878x9k50ow.fsf@olgas.newt.com> <m23azscp4e.fsf@tstotts.net>
	<v9wsx4xowf.fsf_-_@marauder.physik.uni-ulm.de>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1835671138=="
X-Trace: sea.gmane.org 1184346633 1767 80.91.229.12 (13 Jul 2007 17:10:33 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Fri, 13 Jul 2007 17:10:33 +0000 (UTC)
Cc: mh-e-devel@lists.sourceforge.net, ding@gnus.org
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Jul 13 19:10:30 2007
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1I9Oex-0007XJ-8W
	for ged-emacs-devel@m.gmane.org; Fri, 13 Jul 2007 19:10:27 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1I9Oew-0006ld-KS
	for ged-emacs-devel@m.gmane.org; Fri, 13 Jul 2007 13:10:26 -0400
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1I9Oes-0006lN-32
	for emacs-devel@gnu.org; Fri, 13 Jul 2007 13:10:22 -0400
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1I9Oep-0006lA-O5
	for emacs-devel@gnu.org; Fri, 13 Jul 2007 13:10:20 -0400
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1I9Oep-0006l5-Kl
	for emacs-devel@gnu.org; Fri, 13 Jul 2007 13:10:19 -0400
Original-Received: from main.gmane.org ([80.91.229.2] helo=ciao.gmane.org)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <ged-emacs-devel@m.gmane.org>)
	id 1I9Oep-0002ne-4l
	for emacs-devel@gnu.org; Fri, 13 Jul 2007 13:10:19 -0400
Original-Received: from list by ciao.gmane.org with local (Exim 4.43)
	id 1I9Oem-0007Tu-Iy
	for emacs-devel@gnu.org; Fri, 13 Jul 2007 19:10:16 +0200
Original-Received: from cpe-74-74-219-54.rochester.res.rr.com ([74.74.219.54])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Fri, 13 Jul 2007 19:10:16 +0200
Original-Received: from timotheus by cpe-74-74-219-54.rochester.res.rr.com with local
	(Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Fri, 13 Jul 2007 19:10:16 +0200
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 43
Original-X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: cpe-74-74-219-54.rochester.res.rr.com
User-Agent: Gnus/5.110007 (No Gnus v0.7) Emacs/23.0.51 (gnu/linux)
Cancel-Lock: sha1:2ttjtmMhv466cCoCnqd0UX6nXAU=
X-detected-kernel: Linux 2.6, seldom 2.4 (older, 4)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:74724 gmane.mail.mh-e.devel:12676 gmane.emacs.gnus.general:64937
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/64937>

--===============1835671138==
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha1; protocol="application/pgp-signature"

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> On Fri, Jul 13 2007, timotheus wrote:
>
>> ... `smime.el' has some security, feature, and
>> ease-of-use concerns too.
>
> If there are any security concerns wrt `smime.el', please report them.
>
> Bye, Reiner.
> --=20

It is more a matter of opinion, but I once noticed the following with
`smime.el'.

  - `call-process' / `call-process-region' (temporary files in /tmp/?)
  - environment variable(s) for password passing
  - documentation encourages use of un-passworded .pem
  - password caching via elisp instead of external agent
    - personally avoid, even for tramp + SSH
  - the very manual .pem key/crt setup was tricky

Some of them you mention in the comments. EasyPG mentions some of them
in its comments/docs wrt other Emacs cryptography libraries. Not a big
deal, perhaps.

=2Dtimotheus

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.5 (GNU/Linux)

iD8DBQFGl7HoGWMp0IAo0gsRAiYNAKCBVDI125wpU52TXGjsmWwwIJbSyACgnNUy
dswS/iZhDb0GtMRlJiCt0Nk=
=2tEC
-----END PGP SIGNATURE-----
--=-=-=--




--===============1835671138==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel
--===============1835671138==--