roessler> The first design problem I see with the smime tool is the
roessler> fact that it apparently tries to do most of the MIME
roessler> handling itself. From my point of view, I'd greatly
roessler> appreciate some mode which essentially looks like PGP's
roessler> detached signatures, and doesn't know anything about MIME:
roessler> Throw a text file with MIME headers at smime, and just get
roessler> the signature data back (maybe even unencoded - we do have
roessler> a base64 encoder after all ;-). Throw a text file plus a
roessler> signature at smime, and just get the decrypted text file
roessler> back. Throw a text file at smime, and get the encrypted
roessler> text file. That way, the MIME handling can be done
roessler> completely within the mail user agent (which should be
roessler> prepared to do this anyway).
Personally I don't see the problem with getting the correct mime
headers served by smime and just graft them in among all the others,
but YMMV.
roessler> The third point which makes me wonder a bit is the
roessler> handling of the user's private key, and passphrase. Unless
roessler> I'm mistaken here, the smime(1) tool essentially uses
roessler> DES_read_pw (sp?), which in turn opens /dev/tty for
roessler> reading. For the inclusion of the smime tool with mail
roessler> user agents, it would be practical to be able to pass the
roessler> user's pass phrase as the first line of stdin (or,
roessler> possibly, some other file descriptor which could be
roessler> specified as a command line parameter). That way, a mail
roessler> user agent could cache the user's pass phrase for some
roessler> time, and pass it safely to the smime crypto back-end.
This has already been addressed, although it was possibly not part of
OpenSSL 0.9.5. It is however there in the snapshot.
The change that has been made doesn't just cover smime, but all
applications that need a password. It's possible to specify on the
command line exactly where password will be passed. The possible ways
right now are through stdin, through any other fd, through an
environment variable or directly on the command line.
Choices, choices :-).
--
Richard Levitte \ Spannv�gen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
