emacs-devel

Re: smime.el: security concerns?


From: timotheus
Subject: Re: smime.el: security concerns?
Date: Fri, 13 Jul 2007 13:09:54 -0400
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/23.0.51 (gnu/linux)

Reiner Steib <address@hidden> writes:

> On Fri, Jul 13 2007, timotheus wrote:
>
>> ... `smime.el' has some security, feature, and
>> ease-of-use concerns too.
>
> If there are any security concerns wrt `smime.el', please report them.
>
> Bye, Reiner.
> -- 

It is more a matter of opinion, but I once noticed the following with
`smime.el'.

  - `call-process' / `call-process-region' (temporary files in /tmp/?)
  - environment variable(s) for password passing
  - documentation encourages use of un-passworded .pem
  - password caching via elisp instead of external agent
    - personally avoid, even for tramp + SSH
  - the very manual .pem key/crt setup was tricky

Some of them you mention in the comments. EasyPG mentions some of them
in its comments/docs wrt other Emacs cryptography libraries. Not a big
deal, perhaps.

-timotheus
