On Mon, 1 Jul 2002 15:30:28 +0200 (CET) Vadim Zeitlin <[EMAIL PROTECTED]> wrote:
> On Sun, 30 Jun 2002 15:59:26 +0200 (CEST) Manuel Guesdon > <[EMAIL PROTECTED]> wrote: > MG> BTW, there's a at least one standard for crypted/signed messages: > MG> S/MIME (which I dont know). > Me neither. There is a free library to work with it, though: > http://www.imc.org/imc-sfl/index.html i have considerable interest in S/MIME, and had in the past considered volunteering some of my time to assist with an implementation of it in Mahogany. also, there is some good discussion of S/MIME in chapter 11 of Eric Rescorla's book _SSL & TLS: Designing and Building Secure Systems_ (No, S/MIME doesn't use SSL or TLS, but Rescorla does a nice job of presenting some non SSL/TLS solutions to security problems.) there's also a quite a bit on S/MIME in _Digital Certificates: Applied Internet Security_, Feghhi, Feghhi, and Williams, a book which i find useful but annoying. > This has been discussed before but I don't remember the conclusion :-( > >>From the implementor's point of view I can say that decrypting on the > fly > is much simpler to do, so I'd prefer this (just think of what happens > when > you're a viewing an encrypted message in a read only folder...). the complexity is really all in the certificate handling. there's no certainty when a message arrives that is signed and/or encrypted that you have the certificates in hand needed to deal with it. if you have them, then the rest of the work isn't so bad. good UI decisions here will determine whether or not S/MIME support would be useful or ignored. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Mahogany-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/mahogany-users
