From xemacs-m  Sat Aug 23 17:11:48 1997
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
	by xemacs.org (8.8.5/8.8.5) with SMTP id RAA27807
	for <xemacs-beta@xemacs.org>; Sat, 23 Aug 1997 17:11:48 -0500 (CDT)
Received: from Eng.Sun.COM ([129.146.1.25]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id PAA27658; Sat, 23 Aug 1997 15:10:46 -0700
Received: from kindra.eng.sun.com by Eng.Sun.COM (SMI-8.6/SMI-5.3)
	id PAA13568; Sat, 23 Aug 1997 15:10:44 -0700
Received: from xemacs.eng.sun.com by kindra.eng.sun.com (SMI-8.6/SMI-SVR4)
	id PAA14356; Sat, 23 Aug 1997 15:10:42 -0700
Received: by xemacs.eng.sun.com (SMI-8.6/SMI-SVR4)
	id PAA12803; Sat, 23 Aug 1997 15:10:41 -0700
Date: Sat, 23 Aug 1997 15:10:41 -0700
Message-Id: <199708232210.PAA12803@xemacs.eng.sun.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: Martin Buchholz <mrb@Eng.Sun.COM>
To: <jari.aalto@poboxes.com> (pgp preferred ssjaaa@uta.fi | pgp -fka)
Cc: skip@calendar.com (Skip Montanaro), xemacs-beta@xemacs.org
Subject: Re: PGP security threat alert
In-Reply-To: <199708232201.SAA22000@helene.tele.nokia.fi>
References: <199708232201.SAA22000@helene.tele.nokia.fi>
X-Mailer: VM 6.33 under 20.3 "Vienna" XEmacs  Lucid (beta14)
Reply-To: Martin Buchholz <mrb@Eng.Sun.COM>

>>>>> "Jari" == Jari Aalto <jaalto@tre.tele.nokia.fi> writes:

Removing all the recent keys seems remarkably kludgy.  We should not
have a subr to remove the recent keys.  Instead we should have a way
to suppress recording of keystrokes during execution of a lisp
function, which could be used by passwd.el.  I vote against adding the 
subr.

On the other hand, I'm not volunteering to implement the above
functionality...  But it shouldn't be too hard to do.

Martin

Jari> -----BEGIN PGP SIGNED MESSAGE-----
Jari> ##
Jari> Subject: Re: PGP security threat alert
Jari> Reply-to: <jari.aalto@poboxes.com> (pgp preferred ssjaaa@uta.fi | pgp -fka)

Jari> 	Bart Robinson <lomew@cs.utah.edu>:
Bart> Here's a subr that clears the lossage log ...

Jari>     Based upon the original poster's request, it seems reasonable that all
Jari>     packages that prompt for passwords of any kind should call
Jari>     clear-recent-keys after reading the password.  Better yet would be
Jari>     subrs to disable and enable adding keys to the recent-keys vector.

Jari> Thank you for fast response!
Jari> Since packages should use passwd.el to get the password secretly
Jari> (I use it), I propose that the new subr is used directly there. This
Jari> way no other code change is needed.

Jari> Hope everyone uses passwd.el, now that would be the time :-)

Jari> Thanks again. Will this be bundled in 20.3 or 20.4?
Jari> jari

Jari> -----BEGIN PGP SIGNATURE-----
Jari> Version: 2.6.3ia
Jari> Charset: noconv
Jari> Comment: Processed by Emacs TinyPgp.el 1.258

Jari> iQBVAwUBM/9dkMC67dVHFB01AQFqHAH+OBbWuwKBScinq1APZx/o/FBZImE72S8p
Jari> zgfIIHmh2TAHdUZwIpE5gWyA5E1HicbB3sWYnVl0lWfU96ea9MMyfA==
Jari> =cYvS
Jari> -----END PGP SIGNATURE-----


