On 2013-08-13 17:37, David Feurle wrote:
Hi Péter,

thanks for your response.
My comments are in the text.

Hi David,

On 13.08.2013 13:29, Szládovics Péter wrote:
Dear David,

I'm very interested in this subject. My questions above.

On 2013-08-13 12:36, David Feurle wrote:
Dear sogo mailinglist,

I have developed a smime plugin for firefox which allows to read smime signed and crypted mails in the webmail interface of sogo. It works fine for me but has certain limitations which up to now prevented me from publishing it. Up to now I'm able to read smime end to end encrypted mail by using the webmail interface. What is still missing is the possibility to compose encrypted mails and the possibility to download any encrypted email attachments.

Will you work on it?
Up to now I thought that nobody would be interested. So we use it in our company - and for us it was working fine up to now.
If there are different user needs I would try to solve the problems.

I've the list since April, so I didn't read it :) But now.
I think this problem is only in commercial infrastructure. Mail encryption and security are not a high priority in personal environments - *unfortunately* of course.

But... I think mail encryption is the task of the mail app - e.g. Thunderbird. In the webmail we need to read in 90 percent of cases. So, in my opinion, reading encrypted mails on the web is almost enough. about

Of course it's fine to be able to read emails. I was hoping for some support by the sogo developers to be able to compose emails as well. The problem is that I am familiar with javascript/xpcom/c++ but I have no idea of ObjectiveC.

In this situation I cannot help you - I've a little shellscript and perl (and minimal PHP) knowledge, but nothing in the above :) (ok, very minimal in javascript - handling mouse events, forms, opening popups - but no more).

The plugin enables users of sogo to read their encrypted emails in their browser without the need to save their encryption key on the mail server.

Great.

Nearly exactly one year ago I was asking this mailing list if there is some interest in making this working and useful for all sogo users (see: https://inverse.ca/sogo/lists/arc/users/2012-07/msg00167.html). The current implementation does no longer use the firefox cert store but the

Why? If it is a FF plugin, then the best practice is using the FF certstore - I think.
I was doing it using c++. I was not aware that firefox contains all needed XPCOM Components to do smime in the browser.
I found some Interfaces in Thunderbird but they are missing in Firefox.

Yep, understood. How does it work under Linux? Which certstore will be used by your app?

My code uses a cryptAPI that uses the native Cert Store on Windows.
I think I could change the code easily to allow the firefox cert store now since I learned what interfaces to use. Another thing I was thinking is to upload the crypted private key (pfx/p12) to the sogo server. The server could serve this file to the browser (when logged in) and prompt the user for the password of the key file. This way the user does not need to install his private key on the machine he/she uses for webmail.
It would only be decrypted for one session.


windows/Linux system certificate storage and no longer requires the user to have a perl installation.

Up to now I have not received any feedback.

You have already one.

Perhaps it now is of greater interest since the revelations of Edward Snowden showed how limited the security of email is without using end to end encryption.

Accept.

If there is any interest I could explain in a more detailed form what and how the plugin does what it does and what functions sogo is missing to make the plugin even more useful.

I think, if you don't want to upload the private key to the webserver, you need to modify the ajax editor. But it will be a problem with text mails.
The biggest problem is IMHO that the mails are composed in the client but the server handles the mime stuff. I can create a complete smime formatted mail in the client, but as far as I know sogo lacks the ability to send this mail composed on the client for me.

Yes, it's a bigger problem than I thought at first...
--
users@sogo.nu
https://inverse.ca/sogo/lists
