On Mon, 05 Nov 2007 03:47:04 -0500 Richard Stallman
<rms gnu.org> wrote:
RS> I just looked at encrypt.el. It appears to support
just GnuPG
RS> and "Built-in simple XOR". And built-in
simple XOR is just an
RS> example, not for real use.
RS> The idea is to allow users to supply their own
ciphers, and to support
RS> other external utilities as users find it
necessary.
RS> It is a sensible feature, but is it worth including
in Emacs? I am
RS> not convinced this is sufficiently useful to be worth
including.
In my experience, giving users creative freedom is always
worth it.
Emacs is built around the idea of letting users do what they
want, isn't
it? I am surprised you are OK with locking Emacs users into
GnuPG,
which is nice software but certainly not the only way to do
encryption.
RS> Is there any sign that users use it?
The package was in Gnus, and I don't have bug reports. I
have not
advertised the library so far, except for brief notes to
Gnus users. So
I don't have a sample big enough to answer your question.
RS> 1) users don't have to install GnuPG to use
simple obfuscation ciphers
RS> (yes, this is sometimes useful).
RS> If you mean Rot13, aren't there other interfaces for
that? It seems
RS> to me that we don't want to use the same command for
Rot13 as we use
RS> for GPG, because it is inconvenient to have to select
one or the other
RS> each time. We want two different commands.
I don't mean ROT13 specifically. I keep repeating this: the
users will
come up with interesting ciphers. Instead of anticipating
their needs,
the API should support them by being simple and flexible.
In any case, the user wouldn't select a cipher each time.
The
encrypt-find-model function will determine the encryption
model,
currently from an alist. The user chooses, for example,
that
~/.authinfo is encrypted with GnuPG, but ~/emacs/*.el will
use cipher X
because it's more appropriate. Perhaps cipher X is the XOR
cipher
because the user is OK with simple obfuscation.
RS> 3) other external utilities can be supported.
RS> Are there any that are useful to support?
I found a few GPL ones (just a sample list) with a simple
web search:
MCrypt http://mcrypt.sourcefo
rge.net/
AxCrypt http://www.axantum.co
m/AxCrypt/
ScramDisk 4 Linux http://sourcefo
rge.net/projects/sd4l/
Several steganography tools (hide data inside an image, for
example)
They all do things GnuPG doesn't as far as I can tell,
though some
functionality may overlap.
RS> 4) ciphers, being Emacs Lisp code, can do almost
anything: SSH to a
RS> remote machine, use BBDB, use IMAP, use version
control...
RS> I really don't like the idea of labeling such things
as "encryption".
External functions may be involved in customizing the
encryption process
Here are some examples (again, I'd rather let the users
implement what
they need, this is just my list of things I might find
interesting):
- use BBDB to store shared keys or public keys
- get shared or public keys from an IMAP server (stored in a
message)
- on a CVS/SVN/etc. checkin/checkout, use another file in
the repository
to modify the shared key or as the shared key
- pure Lisp ciphers for quick experimentation and sharing
Ted
_______________________________________________
Emacs-devel mailing list
Emacs-develgnu.org
htt
p://lists.gnu.org/mailman/listinfo/emacs-devel
|
