phpgroupware-developers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-developers] S/MIME and PGP

From: Del
Subject: Re: [Phpgroupware-developers] S/MIME and PGP
Date: Mon, 09 Sep 2002 18:19:07 +1000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607 
Paolo Andreetto wrote:


Sounds good! Why Anglemail and not felamimail or other project?


Anglemail was there first, and it was the default e-mail app.

I looked at squirrelmail too.  It's on the drawing board for later.
Our project is just at the beginning: a module for viewing certificate data, 
no integration with email-client.
Is it possible to share code?


Yeah, sure.  I think the bit for viewing certificate data is the one
piece we don't have.


Certificate management for S/MIME is the tricky bit.  We're doing
it via LDAP.  In other words, an S/MIME implementation of Anglemail
will require an LDAP server.


LDAP is the best solution for certificate handling


Amen.

> , but what about

private keys?


In LDAP, in an attribute that is only accessible to the user.  Not a
brilliant solution but when your e-mail is entirely server based it's
just infeasible to keep the keys on the client.
I also think that keeping the keys on server, for example into database, is a bad 
solution but I cannot find a better one.


Ditto.  LDAP at least allows you to ACL the attribute so that an anonymous
user can't see the keys.

We also 3DES all of the keys of course.  So you need to enter a password
to [decrypt|sign] e-mail.  Even if someone breaks the LDAP ACLs they would
need the 3DES decryption key.

--
Del
reply via email to
[Prev in Thread] Current Thread [Next in Thread]