Re: Opportunistic STARTTLS in smtpmail.el

[Ted Zlatanov]

On Wed, 01 Jun 2011 09:37:43 -0300 Stefan Monnier <address@hidden> wrote: 

>> I think it's necessary no matter what.  We've had several suggestions
>> (from me, Lars, and Daiki Ueno) for something like what I'm proposing.
>> It's definitely useful.

>> Speaking of which, I think in addition to gpg: tokens we should support
>> crypt: tokens (using the native OS crypt call) and MD4 or some other
>> symmetric cipher simple enough to implement in ELisp.  GPG is not
>> necessarily available or wanted.

SM> One more thing: a user which has a ~/.authinfo.gpg but no unencrypted
SM> ~/.netrc nor ~/.authinfo should not be prompted for a password (since
SM> that would be very annoying, if in the end she doesn't need
SM> authentication).

If the SMTP server requires authentication, how do we know
~/.authinfo.gpg does NOT have the password we need?  If it does not
require authentication, `auth-source-search' should not be called.

If you find the password prompt for ~/.authinfo.gpg annoying, don't use
that file in your `auth-sources' or use proper GPG key encryption, which
should not prompt you after you load your keyring.

SM> I really think that trying to avoid smtpmail-use-auth is ill-advised.

I'm not trying to avoid anything.  My goal is to provide a netrc format
that freely mixes encrypted and unencrypted data, so you can do a search
without decrypting data and for other benefits.  Do you see any issues
with the format I've proposed?  If the format works and everyone likes
it, I can make ~/.authinfo the default `auth-sources' backend instead of
~/.authinfo.gpg.

You and Lars can do what you like with smtpmail.el; I only need to get
involved when you call `auth-source-search'.

Ted