[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
From: |
Juanma Barranquero |
Subject: |
Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable |
Date: |
Sun, 1 May 2011 01:59:25 +0200 |
2011/5/1 Michal Nazarewicz <address@hidden>:
> Depending on how paranoid are we, MD5 could feel too weak though.
> (Also, one could wish for HMAC.)
I am not feeling particularly paranoid just now, seeing as we've been
using a cleartext authentication key for the past few years...
> Actually, server would have to generate the nonce. Otherwise, the
> authentication scheme would be prone to replay attacks and would really
> defy the purpose of nonce.
OK, I in fact prefer to generate the nonce in elisp.
> That would still break backward compatibility, wouldn't it? The old
> servers would not accept this command anyway. Unless server would issue
> it to client just after making connection. From what I see, the old
> clients would "only" print error message.
Yeah, but a failed -auth closes the connection and deletes the
process, while an unknown command just issues an error message. One
way or another, I don't think we can avoid the error message on the
emacsclient side.
> In the worst case, the client could first try the new authenticating
> scheme and on error reconnect with the old scheme.
Yes, but as the connection is closed, that adds a bit of complexity to
emacsclient that I'd like to avoid if possible.
Juanma
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, (continued)
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Michal Nazarewicz, 2011/04/29
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Michal Nazarewicz, 2011/04/29
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Eli Zaretskii, 2011/04/30
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Richard Stallman, 2011/04/30
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Michal Nazarewicz, 2011/04/30
Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Stefan Monnier, 2011/04/29