[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: encrypt.el in No Gnus 0.7
|
From: |
Ted Zlatanov |
|
Subject: |
Re: encrypt.el in No Gnus 0.7 |
|
Date: |
Fri, 02 Nov 2007 09:08:54 -0500 |
|
User-agent: |
Gnus/5.110007 (No Gnus v0.7) Emacs/22.1.50 (darwin) |
On Fri, 2 Nov 2007 00:24:04 +0900 "Daiki Ueno" <address@hidden> wrote:
DU> 2007/11/2, Ted Zlatanov <address@hidden>:
>> On Thu, 1 Nov 2007 10:30:54 +0900 "Daiki Ueno" <address@hidden> wrote:
DU> epa-file.el in EasyPG can also do that. Have you looked at it?
DU> I think it is much easier to use since it does not need elisp setup
DU> like encrypt-file-alist.
>>
>> encrypt-file-alist can be set up via Customize. It's intended as an
>> API, however, so I am not concerned about end users too much.
DU> I think encrypt-file-alist is too much custamisable since GnuPG
DU> records what cipher is used to encrypt in the PGP message. See
DU> RFC2440.
Again, you're tightly bound to GnuPG. Does EasyPG support arbitrary,
user-supplied ciphers? I didn't see that ability.
DU> Yes, EasyPG does not (yet) provide a way to specify the cipher
DU> algorithm but as I mentioned above we need to specify only the first
DU> time. Is it not enough to edit ~/.gnupg/gpg.conf or manually call the
DU> gpg command with options?
Definitely no. Again, you're tightly bound to GnuPG. Your README says:
"EasyPG is an all-in-one GnuPG interface for Emacs. It has two
aspects: convenient tools which allow to use GnuPG from Emacs (EasyPG
Assistant), and a fully functional interface library to GnuPG (EasyPG
Library)."
There's nothing wrong with that, but you're entirely dependent on GnuPG
to do the encryption and decryption, so you most definitely do not
provide the same services as encrypt.el.
DU> I also think that your XOR cipher is not a good idea as a fallback
DU> algorithm. Have you ever read Simon Singh's "The Code Book"?
It's not a fallback, it's an example implementation. I have not read
that particular book, but I have studied encryption algorithms in
college and have used them at the API level many times since.
DU> Yes, EasyPG is a bit complex and invasive. But IMO sometimes
DU> usability should be given priority over simplicity &
DU> non-invasiveness.
>>
>> Sure, and that's your choice to make within the EasyPG package, which
>> has specific needs. I think an API must be simple an non-invasive,
>> though, and encrypt.el is by those standards a better API than
>> epa-file.el or any other *crypt* package I've seen. If I'm wrong,
>> please tell me.
DU> epa-file.el is an *application* not a *libarary* (I'm a bit tired of
DU> explanating these difference again and again...).
Sorry, but you'll have to be patient with me. I did not get that
distinction from the EasyPG docs, perhaps I missed it.
DU> epg.el is the library and it provides the API. Since it only
DU> accepts string or file for encryption and do not cache passphrase,
DU> it is simpler than encrypt.el.
We're talking in circles.
What you consider simplicity is in fact reliance on an external tool,
which handles everything for you. I think encryption and decryption
should be possible with an API, without external tools. If we disagree
and EasyPG is the only encryption API in Emacs, then I will keep
maintaining encrypt.el in the Gnus development tree.
Ted
- Re: encrypt.el in No Gnus 0.7, (continued)
- Re: encrypt.el in No Gnus 0.7, Sascha Wilde, 2007/11/09
- Re: encrypt.el in No Gnus 0.7, Reiner Steib, 2007/11/06
- Re: encrypt.el in No Gnus 0.7, Ted Zlatanov, 2007/11/07
- Re: encrypt.el in No Gnus 0.7, Stefan Monnier, 2007/11/07
- Re: encrypt.el in No Gnus 0.7, Ted Zlatanov, 2007/11/07
- Re: encrypt.el in No Gnus 0.7, Reiner Steib, 2007/11/07
- Re: encrypt.el in No Gnus 0.7, Ted Zlatanov, 2007/11/07
Re: encrypt.el in No Gnus 0.7,
Ted Zlatanov <=