[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs core TLS support

From: Ted Zlatanov
Subject: Re: Emacs core TLS support
Date: Thu, 14 Jan 2010 08:09:46 -0600
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1.90 (gnu/linux)

On Wed, 13 Jan 2010 18:46:41 -0500 Chong Yidong <address@hidden> wrote: 

CY> Ted Zlatanov <address@hidden> writes:
>> Is there any chance Emacs can offer core support for TLS-encrypted
>> network connections?  I have no idea what's involved, I'm just checking
>> on the possibility.

CY> What's the advantage of offering core support over using gnutls-cli
CY> (like starttls.el does)?
On Wed, 13 Jan 2010 20:37:42 -0500 MON KEY <address@hidden> wrote: 

MK> It is far more apt to work "out of the box " on on w32...

Portability is one consideration.  The parts of Gnus that touch W32
through starttls.el have been a sore point in terms of support, both
offered (too little) and requested (too much).  I don't have a list of
issues on hand but at least 5 have come up in the last year IIRC.

gnutls-cli and the alternative starttls binary are external binaries.
For encryption protocols like TLS it's both inefficient and insecure to
use external binaries to implement them.

In addition to portability, efficiency, and security, core support would
also be easier to configure if it requires no external binaries
installed.  New users would surely benefit from this.

Simon Josefsson already put a patch together at
http://josefsson.org/securemacs but it will probably need to be revised
a bit, the last change was in 2002.  It offers gnutls.el as an
alternative to starttls.el, with a similar API.  As long as this is
optional and autodetected through configure, I don't see a downside.  It
may need to be folded into starttls.el but that's not a big deal.  I'm
cc-ing Simon in case he has any comments.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]