Hi

I've taken a quick look at the mail encryption and specifically GPG.
At the end of this mail I have made a small summary of the issues that
need to be resolved. If any issues are missing please let me know.

Also, there is a web page that quickly explains S/MIME and PGP/MIME, the
relations between them, and the current status:

        http://www.imc.org/smime-pgpmime.html

Also there were some issues discussed earlier this week I would like to add
my comments to:

- certificate/passphrase management
        I suggest using something similar to ssh-agent. The user only types
        in the certificate passphrase once, and then the agent stores
        the opened certificate for later use. 

- storage of messages
        I think it's better to narrow it down and say that only the
        composer/viewer should do the encryption/decryption at run time.

        That way we don't have to worry about the security aspect of the
        issue nor the complications of implementation.
        That is, if a user sends an encrypted message it is intended to
        only be viewed by the appropriate recipient and not by anyone who
        has access to the raw message. If the user absolutely needs to save
        a copy of the actual message, or any of its attachments, he can
        either export it or just do a plain copy of the text.

- mime implications
        I don't know exactly how this works yet, but as far as I know a
        signed or encrypted message has a MIME type of:
                PGP: multipart/signed or multipart/encrypted. 
                S/MIME: (signing): multipart/signed or CMS format 
                        (encryption): application/pkcs7-mime

        This suggests to me that the MIME part of the issue is local and not
        global.

- gnupg/me
        As far as I understand GPG (GNU Privacy Guard) is a framework rather
        than a specific encryption engine. This means that the encryption
        algorithm used can be exchanged. (I am wondering if GPGME can be used
        as the framework for both PGP and S/MIME, and thereby we only need
        one library to do the job, although I don't think so.)
        Another thing is that Mozilla has S/MIME support (and perhaps PGP
        as well) and it could be interesting to see how they have done
        it and what they have used for their S/MIME implementation.


- ui suggestion
        I like the way Netscape did it, completely transparent. I will take
        a look at the details of how it works, since I haven't used it
        since 97.
        The most obvious solution is when reading messages: 

        -  M decrypts/verifies the message/signature silently in the
           background when the reader opens the message. An icon in the
           viewer shows the status of the message (whether the message or
           signature is valid or not).

        The second issue is composing a message, and this depends on the
        setup of the functionality, but generally I suggest:

        either all messages are either encrypted or signed (preference)
        or marked recipients have their messages encrypted/signed (preference)

        In addition there should be a possibility to tell M specifically if
        a certain message should be signed/encrypted.
        
        Then there is the issue of certificates, which needs its own
        dialog to be managed. But this issue depends on whether the message
        is to be signed or encrypted.

        - Does the user have the certificate of a recipient (encryption)
        - Does the user have its own certificate (encryption/signature)
        - Does the user have the certificate of the sender of a message
          (encryption/signature) 

        In all these cases the certificate needs to be retrieved, and this
        should be made as easy as possible, not only when reading messages
        but when the user uses encryption for the first time as well.
        Otherwise, this is not going to be used by any user (almost).

        So, the following is needed
        - a certificate management dialog:
           - sets up encryption method, PGP or S/MIME
           - sets up certificate servers and verification mechanisms
           - sets up the certificate agent
        - additions to the composer/viewer to select encryption/signature
          and to see the status of the verification of a message.
        - a preference to set a global/local/identity policy on
          encryption/signatures (perhaps this should be part of the
          certificate management dialog)
        - additions to the address book to mark a recipient with an
          encryption/signature mechanism.
        

There are probably other things as well, but I thought I would post this
first and then take the discussion from there.

regards.


ISSUES SUMMARY

certificate management issues
        revocation
        issuing
        retrieving
        verification (web of trust/PKI)

message storing issues
        encrypted/unencrypted
        folder storage handling

UI issues
        encrypting sending messages
        decrypting received messages
        message verification
        signature verification
        message certificate information
        certificate agent (certificate passphrase management, similar to ssh-agent)
        signed receipt

compatibility issues
        compatibility/independence with MUAs
        MIME

libraries
        gpgme (GPG)
        http://www.imc.org/imc-sfl/index.html (S/MIME)


-- 
Thomas Finneid

email: [EMAIL PROTECTED]







_______________________________________________
Mahogany-Developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/mahogany-developers
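
The MIME types listed under "mime implications" are what a viewer has to dispatch on before it can decrypt or verify anything. As an added example (not part of the original mail and not Mahogany code), this Python code classifies a message by its Content-Type, using the `protocol` values defined for PGP/MIME in RFC 3156 and the S/MIME `smime-type` parameter; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string

# (content type, protocol parameter) -> (scheme, operation)
MULTIPART = {
    ("multipart/signed", "application/pgp-signature"): ("PGP/MIME", "signed"),
    ("multipart/encrypted", "application/pgp-encrypted"): ("PGP/MIME", "encrypted"),
    ("multipart/signed", "application/pkcs7-signature"): ("S/MIME", "signed"),
    ("multipart/signed", "application/x-pkcs7-signature"): ("S/MIME", "signed"),
}
# smime-type parameter of application/pkcs7-mime -> operation
SMIME_TYPES = {"enveloped-data": "encrypted", "signed-data": "signed"}


def classify(raw):
    """Return (scheme, operation) for a raw RFC 822 message string."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()  # lower-cased, parameters stripped
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # smime-type is optional; without it the CMS body has to be parsed
        smime_type = str(msg.get_param("smime-type", "")).lower()
        return ("S/MIME", SMIME_TYPES.get(smime_type, "unknown"))
    if ctype in ("multipart/signed", "multipart/encrypted"):
        protocol = str(msg.get_param("protocol", "")).lower()
        # Unrecognised protocol: report "unknown" so the viewer never
        # shows a valid-signature icon for something it did not check
        return MULTIPART.get((ctype, protocol), (None, "unknown"))
    return (None, "plain")


def sample(content_type):
    """Constructed test message with the given Content-Type header."""
    return ("From: alice@example.org\nContent-Type: %s\n\n"
            "--b\n\nplaceholder\n--b--\n" % content_type)


if __name__ == "__main__":
    for ct in (
        'multipart/signed; protocol="application/pgp-signature"; boundary="b"',
        'multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"',
        'multipart/signed; protocol="application/pkcs7-signature"; boundary="b"',
        "application/pkcs7-mime; smime-type=enveloped-data",
        'multipart/signed; protocol="application/x-unknown"; boundary="b"',
        "text/plain",
    ):
        print(classify(sample(ct)), "<-", ct)
```
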
