Re: [Geary] Great stuff!

From: Jim Nelson <jim yorba org>
To: Robert Schroll <rschroll gmail com>
Cc: Jo-Erlend Schinstad <joerlend schinstad gmail com>, geary-list gnome org
Subject: Re: [Geary] Great stuff!
Date: Thu, 04 Dec 2014 13:41:32 -0800

Jo-Erland, thanks for the kind words regarding our source code. To add a couple of comments to Robert's thorough reply:

Handling encrypted emails makes me nervous, since there's so many ways to mess up and expose private information. But signatures seem like they wouldn't be as bad.

Like so many features in Geary (and our other projects), we prefer to incremental improvement, but in such a way that the user is gaining some kind of benefit from the new code even if not feature-complete when we ship. Robert's hit on my perspective on how to approach mail encryption, namely start with digital signatures and work from there. There's actually four major components to privacy support and a fifth component that opens up a slew of smaller features:

1. Verify an email's digital signature

2. Sign an email in the composer

3. Decrypt a received email

4. Encrypt an email prior to transmission (Does that include saving drafts? Worth a discussion.)

and

5. Keyring integration

... which isn't strictly necessary but out of the sense of offering a complete solution, we'll probably need to offer some sort of keyring manager, i.e. add and remove public keys, generate public/private pairs, import from an existing keyring, browse the ring, and more. Seahorse offers all of these features, but I suspect some subset of them will be highly desirable to make Geary's GPG support really feel seamless -- which is the name of the game for 21st century privacy support.

What's important is that 5 isn't required for the first four, which allows us to start small and work our way up. I say 1 would be the logical place to start followed by 2. Once those are in place in a way we're comfortable with, we can start thinking of 3, 4, and some subset of 5.

That's my thinking, at least. I would love it if someone would pick up this banner and start running with it. It would be best to continue this discussion on the ticket(s) before writing deep code, but I do know that familiarizing one's self with the GPG libraries is something that will have to be done no matter the approach, so it's worth starting there too.

-- Jim

References:
- [Geary] Great stuff!
  - From: Jo-Erlend Schinstad
- Re: [Geary] Great stuff!
  - From: Robert Schroll

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]