On Tue, 9 Jul 2002 17:29:12 -0400 (EDT) Richard Welty <[EMAIL PROTECTED]> wrote:
>
> On Tue, 9 Jul 2002 23:18:23 +0200 (CEST) Thomas Finneid
> <[EMAIL PROTECTED]> wrote:
>
> >
> > Yes this is true, but we will have to weigh in the options and see
> which
> > solution is most suitable, which depends on what the final plan will
> be.
>
> we should also weigh the interests of the developers as well. my primary
> interest is S/MIME, not GPG, for example. i don't object to GPG, or to
> pushing a quick GPG solution through, but it won't get any of my energy
> or
> attention.
having said this, i guess i should also point out that there's a simple
command line utility for handling S/MIME in apps/smime.c in the current
OpenSSL distribution, so a cheezy S/MIME interface is feasible on similar
terms to a cheezy GPG interface.
however, the interesting, complicated, and essential problem to be solved
is that of certificate handling for S/MIME, and while i'm no GPG/PGP
expert, i suspect that key handling rates similarly.
while there are only about 7 pages on S/MIME in Rescorla's excellent
SSL/TLS book, those 7 pages hit the all the high spots (or low points, if
you will) for certificate handling for S/MIME. this is going to be
interesting.
i believe we'll need to enhance the address book harvesting stuff to mine
S/MIME signed messages for certificates. if you receive email from someone
who signs their email, you gain the capability to send encrypted mail back
to them, and you have the opportunity to discover what ciphers they can
handle.
richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Stuff, things, and much much more.
http://thinkgeek.com/sf
_______________________________________________
Mahogany-Developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/mahogany-developers
