Re: Emacs RPC security

From: Ted Zlatanov
Subject: Re: Emacs RPC security
Date: Mon, 02 May 2011 13:57:47 -0500
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)

On Mon, 02 May 2011 00:02:47 +0200 Lars Magne Ingebrigtsen <address@hidden> 

LMI> Lars Magne Ingebrigtsen <address@hidden> writes:
>> Having a GnuTLS server in Emacs would be nice.

LMI> I just had a horrible idea.

LMI> I converted pop3.el to use opportunistic STARTTLS upgrades now (one less
LMI> thing on my imaginary todo list -- only googleplex more to go), and it
LMI> occurred to me that the Emacs Server could use STARTTLS too.

LMI> Today you just send the shared secret and then the command, but we could
LMI> easily implement a CAPABILITY command, and offer STARTTLS and thereby
LMI> allow forward-and-backward compatibility between encrypted and
LMI> non-encrypted clients and servers.  :-)

Regardless of STARTTLS support (which would be good), a CAPABILITY
function would be good for this server-eval RPC you're building.

I already mentioned that given GnuTLS, we can associate client-side SSL
certificates with particular functions, so we authenticate on the
certificates and authorize based on the (certificate, function)
combination.  This seems to me much better, even if "orthogonal," than
the current "come visit my server and run anything you like" approach.
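
An added example, not part of the original message and not code from Emacs or server.el: a default-deny dispatcher that authorizes on the (certificate, function) pair and answers a CAPABILITY request from the same policy table. All `my-rpc-*` names, the request format and the fingerprints are hypothetical, and it assumes the TLS layer has already verified the client certificate and passes in its fingerprint.

```emacs-lisp
;;; -*- lexical-binding: t -*-
;; Added illustration; every my-rpc-* name is hypothetical, not server.el API.

(defvar my-rpc-policy
  ;; Constructed sample fingerprints, not real certificates.
  '(("AA:11:22:33" . (emacs-version buffer-list))
    ("BB:44:55:66" . (emacs-version)))
  "Alist mapping a client certificate fingerprint to the functions it may call.")

(defun my-rpc-capabilities (fingerprint)
  "Return the functions FINGERPRINT may call, or nil for an unknown certificate."
  (cdr (assoc fingerprint my-rpc-policy)))

(defun my-rpc-authorized-p (fingerprint function)
  "Return non-nil if the (FINGERPRINT, FUNCTION) pair is in the policy."
  (and (symbolp function)
       (memq function (my-rpc-capabilities fingerprint))
       t))

(defun my-rpc-dispatch (fingerprint request)
  "Handle REQUEST, a string holding one Lisp form, on behalf of FINGERPRINT.
The form is read but never passed to `eval'.  Its head is checked
against the policy and the remaining elements are passed to the
function as literal data, so a nested form in an argument is not run."
  (let ((form (condition-case nil
                  (car (read-from-string request))
                (error nil))))          ; unreadable input falls through to denial
    (cond
     ;; CAPABILITY: report only what this certificate is allowed to call.
     ((equal form '(capability))
      (list 'ok (my-rpc-capabilities fingerprint)))
     ;; Authorized call: apply the named function to unevaluated arguments.
     ((and (consp form)
           (proper-list-p form)
           (my-rpc-authorized-p fingerprint (car form)))
      (list 'ok (apply (car form) (cdr form))))
     ;; Everything else, including unknown certificates, is refused.
     (t (list 'denied)))))
```

With this table, a client presenting the second fingerprint is refused when it requests `(buffer-list)`, and its CAPABILITY reply lists only `emacs-version`.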

