From: Per Abrahamsen <abraham@dina.kvl.dk>
Subject: Re: cancel locks
Date: Thu, 01 Nov 2001 09:23:50 +0100 [thread overview]
Message-ID: <rjd7323nmx.fsf@ssv2.dina.kvl.dk> (raw)
In-Reply-To: <ilug07z7lfi.fsf@dhcp128.extundo.com> (Simon Josefsson's message of "Wed, 31 Oct 2001 18:45:37 +0100")
Simon Josefsson <jas@extundo.com> writes:
> Should Gnus really generate this password,
> as has been suggested previously? (If so, you're restricted to using
> only one installation of Gnus which has access to the same generated
> password. And you can't lose the file. No, the user should chose the
> password.)
I think Gnus should generate the password if it hasn't been set, and
store it with customize in plain text in "canlock-password".
E.g. something like this:
(defun message-canlock-password ()
"The password used by message for cancel locks.
This is the value of `canlock-password', if that option is non-nil.
Otherwise, generate and save a value for `canlock-password' first."
(unless canlock-password
(customize-save-variable 'canlock-password (message-unique-id)))
canlock-password)
The user will be able to copy the password to another installation, or
set it to something else if he really cares.
Storing the password in plain text or using (message-unique-id) to
generate it (which will make it guessable by a determined cracker, but
still a lot more effort than faking an unlocked cancel) would have
been unacceptable to a high-value password, but should be fine for
something like cancel locks which really offer very little protection
in the first place, given that servers don't support it.
The main use of cancel locks will be for Gnus to have a reliable way
to tell whether something is send by the same user or not, and get rid
of the sender header.
next prev parent reply other threads:[~2001-11-01 8:23 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-10-31 17:45 Simon Josefsson
2001-10-31 18:11 ` Bjørn Mork
2001-10-31 19:06 ` Simon Josefsson
2001-11-01 0:13 ` Robin S. Socha
2001-11-01 11:28 ` Florian Weimer
2001-11-01 8:23 ` Per Abrahamsen [this message]
2001-11-01 11:34 ` Florian Weimer
2001-11-01 11:59 ` Per Abrahamsen
2001-11-01 16:34 ` Matt Armstrong
2001-11-01 17:21 ` Per Abrahamsen
2001-11-01 17:41 ` Jesper Harder
2001-11-01 17:23 ` Simon Josefsson
2001-11-01 18:47 ` Matt Armstrong
2001-11-01 21:09 ` Florian Weimer
2001-11-01 21:10 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=rjd7323nmx.fsf@ssv2.dina.kvl.dk \
--to=abraham@dina.kvl.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).