Re: PGP/MIME [was Re: Balsa Encrypts messages with GnuPG!]

[Alan O <alan hitter net>]

I looked at your API, and I must admit it looks really nice, and would be a
much better implementation than what I have written. BTW, Mine does also
support encryption and sign+encrypt, but like I said before, only for the
main part of the message (the one typed in the window). All the rest is
left untouched. I cleaned up the code, and now it handles basic exceptions
like bad password, missing key, missing gpg binary, and such, but the way
the code handles these things will probably have to change slightly for
decrypt/verify as it's really somewhat of a hack.

Anyway, what's the best way to get my code into the hands of someone, or
everyone, to review it and make a decision about adding it or chucking it
or whatever? I've looked through the FAQ's and I can't really see how to do
it (maybe I overlooked it?). This is my first open-source/cvs contribution.

As far as inline "hacks," they aren't as good as PGP/MIME, but they are
still used. In fact, Eudora uses inline encryption by default (at least on
the version I have). I would imagine that there are clients that only
support inline encryption (don't have any evidence because I don't have a
linux mailer that supports PGP/MIME :) ).

Anyway, I strongly agree with the use of GMime. If I knew about it a week
ago, I would have started with that.

Any information on how to submit what I have would be greatly appreciated.

Thank you,

Alan

[no signed message this time, I made my point already :)]


On 2001.01.03 22:03:15 -0500 Jeffrey Stedfast wrote:
> [comments below]
> 
> On Wed, 3 Jan 2001, Oliver Oberdorf wrote:
> > Date: Wed, 3 Jan 2001 20:29:29 +0900
> > To: balsa-list@gnome.org
> > From: Oliver Oberdorf <oly@tkk.att.ne.jp>
> > Reply-To: oly@mail.com
> > Sender: balsa-list-admin@gnome.org
> > Subject: Re: Balsa Encrypts messages with GnuPG!
> > 
> > 
> > With all respect,
> > 
> > I don't think balsa will be free of mutt for some time.  People have
> > wanted
> > PGP support in balsa for *ages*.  Others have repeatedly shot down the
> > idea of using lubmutt's PGP with this argument, but /nobody/ has time
> to
> > do
> > it this way and libmutt seems to still very much a part of balsa.  Now
> > that
> > someone is 90% done with the obvious approach, I see no reason to stop 
> > him.
> 
> He's still a long way off, he only has signatures working (and
> encryption?)
> and only for GnuPG. (btw Werner Koch is working on a library called GpgMe
> which will replace his efforts for GnuPG support).
> 
> > 
> > Plus, mutt is time-tested and I see no reason to think a from scratch
> > implementation will work better.  More flexible for developers; maybe.
> > Better integrated with gnome PGP; obviously.  Ready in 3 months or
> > less; not likely.
> 
> It can be ready easily in 3 months as I've already written a full MIME
> implementation (*with* PGP/MIME support even). All that needs to be done
> is
> to integrate it into Balsa.
> 
> IMHO, PGP/MIME is the correct PGP implementation to use - inline pgp
> hacks
> are a waste of time...sure it'd be nice to support receiving them but not
> sending them. Receiving them using my library would be a sinch as well
> anyways.
> 
> multipart/encrypted and multipart/signed are the accepted way of doing
> this
> and it works a lot better too.
> 
> The other concern is that there is no standard way of encrypting
> attachments inline (inline in this context means non-PGP/MIME). PGP/MIME
> is
> the only acceptable way of encrypting/signing attachments.
> 
> In the case of signing parts, why sign each attachment? that's a waste -
> it's better to sign the entire email message. And *that* can only be done
> with PGP/MIME.
> 
> Anyways, take a look at my API before you toss this idea aside, I believe
> that once you see the API you'll be convinced it is THE WAY.
> 
> http://www.xtorshun.org/gmime/doc/
> 
> Jeff
> 
>