
Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable


From: Stefan Monnier
Subject: Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
Date: Fri, 29 Apr 2011 13:22:27 -0300
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

> +In some situations however, it can be difficult to share randomly
> +generated password with remote hosts (eg. no shared directory),

ssh/scp work fine for me.

> +so you can set the key with this variable and then copy server
> +file to remote host (with possible changes to IP address and/or
> +port if that applies).
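
Review bot: The instruction "copy server file to remote host" has the user move a file carrying the key, but the docstring does not say how to do that safely. It should state that the server file contains the authentication key, that it must be transferred over an authenticated and encrypted channel, and that the copy should stay readable only by its owner. Wording: "share randomly generated password" and "copy server file to remote host" are missing articles, and "eg." should be "e.g.".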

IIUC this only makes sense if you want to use a shared key that you keep
for a "long" time (since the intention is to reduce the frequency of
key-distribution).
Now the server keys are sent in the clear over the network, so the
security we provide is rather minimal.  OT1H that means your patch
should be OK since we don't really have security anyway.  OTOH it means
that it makes the security threat more serious.


        Stefan


PS: emacsclient should really try not to send the key in cleartext, but
instead send something like "nonce,hash(nonce,key)".
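
The "nonce,hash(nonce,key)" exchange proposed in the PS, as an added example that is not part of the original message and is not Emacs code. It assumes HMAC-SHA256 in place of a bare hash(nonce,key), and adds a server-side cache of accepted nonces so a captured message cannot be replayed; the `Server` class, `client_auth` function and the key value are hypothetical.

```python
import hashlib
import hmac
import secrets


def client_auth(key: bytes) -> str:
    """Build the 'nonce,tag' line a client would send instead of the key."""
    nonce = secrets.token_bytes(16)  # fresh per connection
    tag = hmac.new(key, nonce, hashlib.sha256).hexdigest()
    return f"{nonce.hex()},{tag}"


class Server:
    """Model of the verifying side (hypothetical, not server.el)."""

    def __init__(self, key: bytes):
        self._key = key
        self._seen = set()  # nonces already accepted; unbounded in this sketch

    def verify(self, message: str) -> bool:
        try:
            nonce_hex, tag_hex = message.split(",")
            nonce = bytes.fromhex(nonce_hex)
            tag = bytes.fromhex(tag_hex)
        except ValueError:
            return False  # malformed line or non-hex fields
        # Short nonces are easy to collide; seen nonces are replays.
        if len(nonce) < 16 or nonce in self._seen:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, tag):
            return False
        self._seen.add(nonce)
        return True


if __name__ == "__main__":
    key = b"constructed-example-key"  # constructed sample value
    server = Server(key)
    line = client_auth(key)
    print("first use accepted:", server.verify(line))
    print("replay accepted:   ", server.verify(line))
    print("wrong key accepted:", server.verify(client_auth(b"other-key")))
```

This keeps the key itself off the wire, but the commands sent after authentication are still unencrypted, so it does not replace a protected transport.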


