From: Richard Riley
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Password protection
Date: Wed, 29 Sep 2010 08:42:56 +0200
Organization: aich tea tea pea dicky riley dot net
To: Daniel Pittman
Cc: ding@gnus.org

Daniel Pittman writes:

> Richard Riley writes:
>> Daniel Pittman writes:
>>> Lars Magne Ingebrigtsen writes:
>>>
>>>> I find it sort of puzzling that we have to jump through all these hoops
>>>> to get at credentials. I mean, Firefox users don't have to set up a gpg
>>>> agent or type their passwords a gazillion times, so why should users?
>>>
>>> I just shove mine into ~/.netrc, set appropriate permissions, and let the
>>> whole thing be. I did my risk assessment, encrypted my entire disk, and was
>>> satisfied that by the time someone could steal my password through there they
>>> could equally steal it behind the back of any encryption.
>>>
>>> So, yeah, I agree with you.
>>
>> Nice. But your case is a total fringe case so doesn't justify not using
>> a proper agent for gpg key retrieval. To argue that it's unnecessary
>> because your entire disk is already encrypted is probably not a strong
>> case ;)
>
> You are right: the disk encryption is an attractive nuisance in my argument.
>
> By the time someone can bypass the security precautions of having a file owned
> by me, on my single user machine, they have already won plenty of other ways.
>
> Daniel
>
> ...besides, isn't using Gnus already a fringe activity?

Indeed! Which makes your case a fringe in a fringe ;)

The agent is used for many other things too in addition to gnus gpg file
decryption. I log in once when emacs opens my "rgr.gpg" file and have a
long timeout set in the gpg-agent.conf. Since the authinfo.gpg is
encrypted with the same key the agent takes care of it. No hardship at
all. The real benefits of course are the ability to use public (and
free!) git repos for one's dotemacs collection including the authinfo
file which, being encrypted as a .gpg, is pretty useless to anyone else.

-- 
☘ http://www.shamrockirishbar.com, http://splash-of-open-sauce.blogspot.com/
http://www.richardriley.net
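
Added example, not part of the thread or any poster's code: a check to run over a dotfiles directory before pushing it to a public repository, covering the two setups discussed above. It flags plaintext `.netrc`/`.authinfo` files (and loose permissions on them) and any `.gpg` file whose first bytes are not OpenPGP data. The function names and the sample files in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile

PLAINTEXT_NAMES = {".netrc", "_netrc", ".authinfo", "authinfo"}
ARMOR = b"-----BEGIN PGP MESSAGE-----"

def looks_openpgp(head: bytes) -> bool:
    """True if the bytes start like an encrypted OpenPGP message."""
    if head.lstrip().startswith(ARMOR):
        return True
    # Binary packets: bit 7 of the first octet is always set (RFC 4880, 4.2).
    if not head or not head[0] & 0x80:
        return False
    # New-format header keeps the tag in bits 5..0, old format in bits 5..2.
    tag = head[0] & 0x3F if head[0] & 0x40 else (head[0] >> 2) & 0x0F
    # 1 = public-key encrypted session key, 3 = symmetric-key encrypted one.
    return tag in (1, 3)

def audit(root):
    """Return sorted (relative path, problem) pairs for files under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                head = fh.read(64)
            if name.endswith(".gpg"):
                if not looks_openpgp(head):
                    findings.append((rel, "named .gpg but not OpenPGP data"))
            elif name in PLAINTEXT_NAMES:
                findings.append((rel, "plaintext credentials file"))
                if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                    findings.append((rel, "readable by group/other"))
    return sorted(findings)

def demo():
    """Audit a throwaway directory of constructed sample files."""
    cred = b"machine example.invalid login u password p\n"
    samples = {"authinfo.gpg": b"\x85\x01\x0c\x03" + b"\x00" * 8,  # PKESK header
               "notes.gpg": cred,  # plaintext that was only renamed
               ".netrc": cred}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o644)
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

The header check only shows that a file is an encrypted OpenPGP message; it does not show which key it was encrypted to or how strong that key's passphrase is.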