From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/53559
Path: main.gmane.org!not-for-mail
From: Jesper Harder <harder@myrealbox.com>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: [HS?]: On gnus developement
Date: Fri, 25 Jul 2003 23:51:11 +0200
Organization: http://purl.org/harder/
Sender: ding-owner@lists.math.uh.edu
Message-ID: <m31xwee0mo.fsf@defun.localdomain>
References: <plop878yqprck3.fsf@gnu-rox.org> <m3n0f3zevw.fsf@defun.localdomain>
 <m3smoue60f.fsf@merlin.emma.line.org>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: main.gmane.org 1059169912 13332 80.91.224.249 (25 Jul 2003 21:51:52 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Fri, 25 Jul 2003 21:51:52 +0000 (UTC)
Original-X-From: ding-owner+M2103@lists.math.uh.edu Fri Jul 25 23:51:47 2003
Return-path: <ding-owner+M2103@lists.math.uh.edu>
Original-Received: from malifon.math.uh.edu ([129.7.128.13])
	by main.gmane.org with esmtp (Exim 3.35 #1 (Debian))
	id 19gATb-0003SM-00
	for <ding-account@gmane.org>; Fri, 25 Jul 2003 23:51:47 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by malifon.math.uh.edu with smtp (Exim 3.20 #1)
	id 19gAUK-0000h7-00; Fri, 25 Jul 2003 16:52:32 -0500
Original-Received: from sclp3.sclp.com ([64.157.176.121])
	by malifon.math.uh.edu with smtp (Exim 3.20 #1)
	id 19gAUG-0000h2-00
	for ding@lists.math.uh.edu; Fri, 25 Jul 2003 16:52:28 -0500
Original-Received: (qmail 7566 invoked by alias); 25 Jul 2003 21:52:28 -0000
Original-Received: (qmail 7559 invoked from network); 25 Jul 2003 21:52:27 -0000
Original-Received: from quimby.gnus.org (80.91.224.244)
  by sclp3.sclp.com with SMTP; 25 Jul 2003 21:52:27 -0000
Original-Received: from news by quimby.gnus.org with local (Exim 3.12 #1 (Debian))
	id 19gAlj-0003as-00
	for <ding@gnus.org>; Sat, 26 Jul 2003 00:10:31 +0200
Original-To: ding@gnus.org
Original-Path: localhost.localdomain!nobody
Original-Newsgroups: gnus.ding
Original-Lines: 22
Original-NNTP-Posting-Host: 0xc3d7e096.esnxr4.ras.tele.dk
Original-X-Trace: quimby.gnus.org 1059171031 13817 195.215.224.150 (25 Jul 2003 22:10:31 GMT)
Original-X-Complaints-To: usenet@quimby.gnus.org
Original-NNTP-Posting-Date: 25 Jul 2003 22:10:31 GMT
X-Face: ^RrvqCr7c,P$zTR:QED"@h9+BTm-"fjZJJ-3=OU7.)i/K]<.J88}s>'Z_$r;<N5ksn~%wJ@2pjF}="tV;FBsdpFarSWA<oYkZsViGf:F^SD-KXhvFxh;~]?)SWm~+u};0=x}<vOm&5J+?]yB2d]q4x8\0g7SX
Mail-Copies-To: never
User-Agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux)
Cancel-Lock: sha1:cne+boifHllEQSS/Lj9FgbTifXc=
Precedence: bulk
Xref: main.gmane.org gmane.emacs.gnus.general:53559
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:53559

Matthias Andree <ma@dt.e-technik.uni-dortmund.de> writes:

> Jesper Harder <harder@myrealbox.com> writes:
>
>> o If you have the right paranoid mindset and understanding of security
>>   issues: Audit the code related to encryption to make sure it's done
>>   in the safest possible way.
>
> Excuse my interference, but all code should be acting in the safest
> possible way, not just encryption-related code.

Sure.  But for encryption there are some special issues that don't
apply to the rest of the code.

E.g. all string and buffers that have contained passwords or decrypted
information ought to be explicitly overwritten immediately after
they're not needed -- just waiting for them to be garbage collected
(as we'd normally do) isn't as secure.

Also, normally we don't care if some piece of information sticks
around in a temporary " *mm*" buffer for while -- for encrypted
messages we ought to care.