The reorganization of the SMIME crypto code for future new PGP support
is a different issue than the new features you are coming out with,
though it may be considered a preliminary step.
Noel J. Bergman wrote:
Vincenzo,
To reiterate from previous postings, here are some use cases that I would
really like to see:
1) Accept e-mail that is properly signed.
We would want to be able to distinguish between properly signed, which
we could accept for local delivery, and properly signed by someone
authorized as a local user, which would allow roaming users to relay
mail. The latter use is a fairly easy one, since we would maintain our
own keystore, but the former use would require us to be able to deal
with something like the Online Certificate Status Protocol (OCSP).
If I understand well, checking for being properly signed is already
available thru the SMIMECheckSignature mailet with the
<onlyTrusted>true</onlyTrusted> option.
Since we have various fast-fail checks, it would be necessary to allow
deferring some other fast-fail checks until after we can try to verify
the signature in the onMessage handler. The term "fast-fail" really
means "in-protocol" as opposed to rejecting with a subsequent DSN.
The "crypto" related code should be done/enhanced in such a way to be
usable not only in matchers/mailets but also at "fast-fail" time.
2) Accept mail for a mailing list if it is signed by a known/permitted sender,
which might be different from the subscriber list.
3) Accept encrypted e-mail for a list from senders, decrypt it, and encrypt it
for each recipient. This would imply that we have a private key associated
with the list, and known public keys for subscribers.
My priority order would probably be #3, #2, then #1.
--- Noel
I agree on those ideas; but in the meantime I would start with the
rearrangement I described. The new KeyHolder and KeyStoreHolder
interfaces and the related implementations can be later on expanded to
allow for new functionalities. What do you think?
Vincenzo