Re: Epiphany 1.4 plan

From: Robert Marcano <robert marcanoonline com>
To: epiphany-list gnome org
Subject: Re: Epiphany 1.4 plan
Date: Tue, 30 Mar 2004 09:41:38 -0400

Hello

On Tue, 2004-03-30 at 06:28, Marco Pesenti Gritti wrote:
> Abstract:
> http://gnome.org/~marco/plan-abstract.html
> 
> Concrete:
> http://gnome.org/~marco/plan-concrete.html
> 
> This was already discussed on IRC, though more feeback would be very
> welcome.
> 

I have worked on implementing the "Certificates UI" part for epiphany,
but I have not delivered something reasonable yet (I have been involved
on some political situations here in my country '-( )

I will share with you my proposal The main idea of this module it to
become something like "gconf", a small library with the capability to
retrieve certificates from many different places using gconf like
plugins, for example read-only files, LDAP, PKCS#12 files, files on the
HOME directoty, etc...

For the epiphany/mozilla part of the solution, this library needs to
implements a PKCS#11 module
(http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/), a complex spec. I
have worked a lot with this part of the job, and have been able to
implement a test module that shows to mozilla the certificates that I
want. (the idea of this solution came from the fact that Mozilla
provides its CA certificates on libnssckbi.so that is a readonly PKCS#11
module)

The UI part of the Job could be implemented by a capplet with the
capability to manage the writable portion of the certificates that have
been found, for example the personal certificates installed on the HOME
directory. I think that this capplet must not try to manage the
certificates found on adminitrator configured repositories like LDAP, or
system directories. The personal certificates installed on the HOME
directory could be stored on a PKCS#12
(http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/) file, easily done
with NSS APIs and that provides an acceptable security level.

To accelerate the implementation of this module, I propose to split the
job (if you and your team accepts the mission ;-) ):

      * Design and implement a GObject based API to retrieve and store
        the certificates (I think that code from gconf can be borrowed
        for the configuration file and plugin parts, but i can be wrong)
      * Design the capplet GUI, and implement it on top of the GObject
        based API.
      * Implement the final PKCS#12 module on top of the GObject based
        API

> Marco Pesenti Gritti
> /lists.gnome.org/mailman/listinfo/epiphany-list
-- 
Robert Marcano

Follow-Ups:
- Re: Epiphany 1.4 plan
  - From: Robert Marcano
- Re: Epiphany 1.4 plan
  - From: Piers Cornwell

References:
- Epiphany 1.4 plan
  - From: Marco Pesenti Gritti

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]