Ah, I just realised I am a bit confused about matters, so I need to refresh my memory and I will be doing so this weekend.
But more to the point, if you are focusing on S/MIME then I will have a look at the GPG end of things. So we could coordinate our efforts, allthough in the beginning mine will less focused as I have other efforts to maintain with M at the moment. Please let me know how you will proceed. Any pointers to documents of joint interrest will be appreciated. Regards Thomas On Mon, 1 Jul 2002 21:17:47 -0400 (EDT) Richard Welty <[EMAIL PROTECTED]> wrote: > > On Mon, 1 Jul 2002 23:17:36 +0200 (CEST) Thomas Finneid > <[EMAIL PROTECTED]> wrote: > > Are you just looking at S/MIME or GPG aswell? > > my focus is on S/MIME, but much of the underlying crypto infrastructure > is > likely to be the same, so i certainly target a "proper" object oriented > design which would permit reusability where appropriate. > > > The reason I am asking is > > that if we consider GPG as well, the design could perhaps be a more > > generic > > encryption module design so that implementations and algorithms can > > easily > > be substituted. > > well, since OpenSSL is already out there, and already incorporated in > Mahogany for pop over ssl and imap over ssl, i was inclined to leverage > off > of all the fine work that has already been done there. furthermore, when > and if new crypto gets incorporated into OpenSSL, we get that for minimal > effort. > > > A word of caution though (I am sorry for the harsh wording herein, but > I > > normally don�t compromise when it comes to security. That said, I have > > neither any real understanding of GPG or S/MIME, except for superficial > > theory and practice) > > > Please keep in mind that the concepts needs to be understood fully, > > without > > exceptions, and that an implementation needs to undergo severe testing > > and > > verification, before it is usable. If the implementations design is > > flawed, > > then it is just as good as no encryption. > > i have some security background myself, and am disinclined to cut > corners. > i even tend to have negative feelings about smtp over tls (although i use > it), because i think it confuses people about the difference between the > weak security of smtp over tls vs good end-to-end security that can be > had > rom gpg/pgp and S/MIME when properly implemented and administered. > > i also think that the designers of pgp/gpg and S/MIME are smart people > and > that their basic designs are pretty sound. we need to implement what they > intended, carefully and thoroughly. > > richard > -- > Richard Welty > [EMAIL PROTECTED] > Averill Park Networking > 518-573-7592 > Unix, Linux, IP Network Engineering, Security > > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf -- Thomas Finneid email: [EMAIL PROTECTED] ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Mahogany-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/mahogany-users
