From xemacs-m  Sun Aug 24 14:35:10 1997
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
	by xemacs.org (8.8.5/8.8.5) with SMTP id OAA00391
	for <xemacs-beta@xemacs.org>; Sun, 24 Aug 1997 14:35:09 -0500 (CDT)
Received: from Corp.Sun.COM ([129.145.35.78]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id JAA20770; Sun, 24 Aug 1997 09:53:24 -0700
Received: from legba.Corp.Sun.COM by Corp.Sun.COM (SMI-8.6/SMI-5.3)
	id JAA07415; Sun, 24 Aug 1997 09:53:22 -0700
Received: by legba.Corp.Sun.COM (SMI-8.6/SMI-SVR4)
	id JAA06759; Sun, 24 Aug 1997 09:53:23 -0700
To: Martin Buchholz <mrb@Eng.Sun.COM>
Cc: <jari.aalto@poboxes.com> (pgp preferred ssjaaa@uta.fi | pgp -fka),
        skip@calendar.com (Skip Montanaro), xemacs-beta@xemacs.org
Subject: Re: PGP security threat alert
References: <199708232201.SAA22000@helene.tele.nokia.fi> <199708232210.PAA12803@xemacs.eng.sun.com>
X-Attribution: GDF
Mail-Copies-To: never
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Gary.Foster@Corp.Sun.COM (Gary D. Foster)
Date: 24 Aug 1997 09:53:23 -0700
In-Reply-To: Martin Buchholz's message of "Sat, 23 Aug 1997 15:10:41 -0700"
Message-ID: <bci3enzo73w.fsf@corp.Sun.COM>
Lines: 14
X-Mailer: Gnus v5.4.65/XEmacs 20.3(beta18) - "Bratislava"

>>>>> "Martin" == Martin Buchholz <mrb@Eng> writes:

    Martin> Removing all the recent keys seems remarkably kludgy.  We
    Martin> should not have a subr to remove the recent keys.  Instead
    Martin> we should have a way to suppress recording of keystrokes
    Martin> during execution of a lisp function, which could be used
    Martin> by passwd.el.  I vote against adding the subr.

I agree with this.  There should just be a way to turn off saving
keystrokes in lossage and a way to turn it back on again.  Still won't
be completely secure against a determined attacker but it is a step or
two closer and it does make sense to me.

-- Gary F.

