From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/39793 Path: main.gmane.org!not-for-mail From: Per Abrahamsen Newsgroups: gmane.emacs.gnus.general Subject: Re: cancel locks Date: Thu, 01 Nov 2001 09:23:50 +0100 Organization: The Church of Emacs Sender: owner-ding@hpc.uh.edu Message-ID: References: NNTP-Posting-Host: coloc-standby.netfonds.no Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: main.gmane.org 1035175447 29859 80.91.224.250 (21 Oct 2002 04:44:07 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Mon, 21 Oct 2002 04:44:07 +0000 (UTC) Return-Path: Original-Received: (qmail 14526 invoked from network); 1 Nov 2001 08:26:11 -0000 Original-Received: from malifon.math.uh.edu (mail@129.7.128.13) by mastaler.com with SMTP; 1 Nov 2001 08:26:11 -0000 Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=lists) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 15zD9Y-0003DN-00; Thu, 01 Nov 2001 02:24:44 -0600 Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Thu, 01 Nov 2001 02:24:23 -0600 (CST) Original-Received: from sclp3.sclp.com (qmailr@sclp3.sclp.com [209.196.61.66]) by sina.hpc.uh.edu (8.9.3/8.9.3) with SMTP id CAA18904 for ; Thu, 1 Nov 2001 02:24:12 -0600 (CST) Original-Received: (qmail 14486 invoked by alias); 1 Nov 2001 08:24:19 -0000 Original-Received: (qmail 14481 invoked from network); 1 Nov 2001 08:24:18 -0000 Original-Received: from sheridan.dina.kvl.dk (130.225.40.227) by gnus.org with SMTP; 1 Nov 2001 08:24:18 -0000 Original-Received: from ssv2.dina.kvl.dk (ssv2.dina.kvl.dk [130.225.40.226]) by sheridan.dina.kvl.dk (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id JAA09538; Thu, 1 Nov 2001 09:23:50 +0100 Original-Received: from abraham by ssv2.dina.kvl.dk with local (Exim 3.12 #1 (Debian)) id 15zD8g-0005Ue-00; Thu, 01 Nov 2001 09:23:50 +0100 Original-To: ding@gnus.org X-Face: +kRV2]2q}lixHkE{U)mY#+6]{AH=yN~S9@IFiOa@X6?GM|8MBp/ In-Reply-To: (Simon Josefsson's message of "Wed, 31 Oct 2001 18:45:37 +0100") User-Agent: Gnus/5.090004 (Oort Gnus v0.04) Emacs/21.0.106 (i686-pc-linux-gnu) Precedence: list X-Majordomo: 1.94.jlt7 Original-Lines: 35 Xref: main.gmane.org gmane.emacs.gnus.general:39793 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:39793 Simon Josefsson writes: > Should Gnus really generate this password, > as has been suggested previously? (If so, you're restricted to using > only one installation of Gnus which has access to the same generated > password. And you can't lose the file. No, the user should chose the > password.) I think Gnus should generate the password if it hasn't been set, and store it with customize in plain text in "canlock-password". E.g. something like this: (defun message-canlock-password () "The password used by message for cancel locks. This is the value of `canlock-password', if that option is non-nil. Otherwise, generate and save a value for `canlock-password' first." (unless canlock-password (customize-save-variable 'canlock-password (message-unique-id))) canlock-password) The user will be able to copy the password to another installation, or set it to something else if he really cares. Storing the password in plain text or using (message-unique-id) to generate it (which will make it guessable by a determined cracker, but still a lot more effort than faking an unlocked cancel) would have been unacceptable to a high-value password, but should be fine for something like cancel locks which really offer very little protection in the first place, given that servers don't support it. The main use of cancel locks will be for Gnus to have a reliable way to tell whether something is send by the same user or not, and get rid of the sender header.