Re: Password protection - Richard Riley

Gnus development mailing list
 help / color / mirror / Atom feed

From: Richard Riley <rileyrg@googlemail.com>
To: Daniel Pittman <daniel@rimspace.net>
Cc: ding@gnus.org
Subject: Re: Password protection
Date: Wed, 29 Sep 2010 08:42:56 +0200	[thread overview]
Message-ID: <qzd3rxgidr.fsf@news.eternal-september.org> (raw)
In-Reply-To: <87bp7hnla8.fsf@rimspace.net> (Daniel Pittman's message of "Wed, 29 Sep 2010 15:58:23 +1000")

Daniel Pittman <daniel@rimspace.net> writes:

> Richard Riley <rileyrg@googlemail.com> writes:
>> Daniel Pittman <daniel@rimspace.net> writes:
>>> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>>>
>>>> I find it sort of puzzling that we have to jump through all these hoops
>>>> to get at credentials.  I mean, Firefox users don't have to set up a gpg
>>>> agent or type their passwords a gazillion times, so why should users?
>>>
>>> I just shove mine into ~/.netrc, set appropriate permissions, and let the
>>> whole thing be.  I did my risk assessment, encrypted my entire disk, and was
>>> satisfied that by the time someone could steal my password through there the
>>> could equally steal it behind the back of any encryption.
>>>
>>> So, yeah, I agree with you.
>>
>> Nice. But your case is a total fringe case so doesn't justify not using
>> a proper agent for gpg key retrieval. To argue that its unnecessary
>> because your entire disk is already encrypted is probably not a strong
>> case ;)
>
> You are right: the disk encryption is an attractive nuisance in my argument.
>
> By the time someone can bypass the security precautions of having a file owned
> by me, on my single user machine, they have already won plenty of other ways.
>
>         Daniel
>
> ...besides, isn't using Gnus already a fringe activity?

Indeed! Which makes your case a fringe in a fringe ;)

The agent is used for many other things too in addition to gnus gpg file
decryption.

I log in once when emacs opens my "rgr.gpg" file and have a long timeout
set in the gpg-agent.conf.  Since the authinfo.gpg is encrypted with the
same key the agent takes care of it. No hardship at all.

The real benefits of course are the ability to use public (and free!)
git repos for ones dotemacs collection including the authinfo file
which, being encrypted as a .gpg, is pretty useless to anyone else. 


-- 
☘ http://www.shamrockirishbar.com, http://splash-of-open-sauce.blogspot.com/ http://www.richardriley.net

next prev parent reply	other threads:[~2010-09-29  6:42 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-09-28 14:17 Lars Magne Ingebrigtsen
2010-09-28 14:43 ` Richard Riley
2010-09-29 14:01   ` Lars Magne Ingebrigtsen
2010-09-28 14:46 ` Julien Danjou
2010-09-28 14:50   ` Ted Zlatanov
2010-09-29 14:04   ` Lars Magne Ingebrigtsen
2010-09-28 14:47 ` Ted Zlatanov
2010-09-29 14:07   ` Lars Magne Ingebrigtsen
2010-09-29 16:56     ` Charles Philip Chan
2010-09-29 17:15     ` Ted Zlatanov
2010-09-29 19:27       ` Lars Magne Ingebrigtsen
2010-09-29 19:51         ` Ted Zlatanov
2010-09-29 20:35           ` Michael Albinus
2010-09-29 20:58             ` Ted Zlatanov
2010-09-30  3:32               ` Michael Albinus
2010-09-30 15:46                 ` Ted Zlatanov
2010-09-30 17:19                   ` Michael Albinus
2010-09-30 16:25                 ` Lars Magne Ingebrigtsen
2010-09-30 16:43                   ` Ted Zlatanov
2010-09-30 16:47                     ` Lars Magne Ingebrigtsen
2010-09-30 17:07                       ` Ted Zlatanov
2010-09-30 17:17                         ` Lars Magne Ingebrigtsen
2010-09-30 17:45                           ` Ted Zlatanov
2010-09-30 17:51                             ` Lars Magne Ingebrigtsen
2010-09-30 19:11                               ` Michael Albinus
2010-09-30 17:13                       ` Michael Albinus
2010-09-30 17:16                     ` Michael Albinus
2010-09-29 21:38           ` Lars Magne Ingebrigtsen
2011-02-25 22:18             ` Ted Zlatanov
2011-03-05 11:53               ` Lars Magne Ingebrigtsen
2011-03-07 17:27                 ` Ted Zlatanov
2010-09-28 15:02 ` David Engster
2010-09-29  2:28 ` Daniel Pittman
2010-09-29  4:39   ` Richard Riley
2010-09-29  5:58     ` Daniel Pittman
2010-09-29  6:42       ` Richard Riley [this message]
2010-09-29  8:54   ` Gijs Hillenius
2010-09-29  9:07     ` Richard Riley
2010-09-29 10:23       ` Gijs Hillenius
2010-09-29  9:51     ` Tassilo Horn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=qzd3rxgidr.fsf@news.eternal-september.org \
    --to=rileyrg@googlemail.com \
    --cc=daniel@rimspace.net \
    --cc=ding@gnus.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).