On Mon, 1 Jul 2002 23:17:36 +0200 (CEST) Thomas Finneid <[EMAIL PROTECTED]> wrote:
> Are you just looking at S/MIME or GPG as well?

my focus is on S/MIME, but much of the underlying crypto infrastructure is
likely to be the same, so i certainly target a "proper" object oriented
design which would permit reusability where appropriate.

> The reason I am asking is
> that if we consider GPG as well, the design could perhaps be a more generic
> encryption module design so that implementations and algorithms can easily
> be substituted.

well, since OpenSSL is already out there, and already incorporated in
Mahogany for pop over ssl and imap over ssl, i was inclined to leverage off
of all the fine work that has already been done there. furthermore, when
and if new crypto gets incorporated into OpenSSL, we get that for minimal
effort.

> A word of caution though (I am sorry for the harsh wording herein, but I
> normally don't compromise when it comes to security. That said, I have
> neither any real understanding of GPG or S/MIME, except for superficial
> theory and practice) 
 
> Please keep in mind that the concepts need to be understood fully, without
> exceptions, and that an implementation needs to undergo severe testing and
> verification, before it is usable. If the implementation's design is flawed,
> then it is just as good as no encryption.

i have some security background myself, and am disinclined to cut corners.
i even tend to have negative feelings about smtp over tls (although i use
it), because i think it confuses people about the difference between the
weak security of smtp over tls vs good end-to-end security that can be had
from gpg/pgp and S/MIME when properly implemented and administered.

i also think that the designers of pgp/gpg and S/MIME are smart people and
that their basic designs are pretty sound. we need to implement what they
intended, carefully and thoroughly.

richard
--
Richard Welty                                         [EMAIL PROTECTED]
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security




_______________________________________________
Mahogany-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/mahogany-users
