Re: SFL and Balsa



CDSA or Common Data Security Architecture spearheaded by Intel,
attempts to set an vendor and technology independent open-source
common security standards for applications.
More can be found at http://developer.intel.com/ial/security/index.htm

I heard that a lot of companies are using CDSA as a middleware to
implement their security layers in their applications.

Unfortunately, one has to implement the functions in their Messaging API
extensions, which makes a huge drawback in using CDSA in email clients.
In actual fact, SFL, developed by RSA, is not that popular in Linux.
It is mainly used in Windows. I guess RSA's reputation was tarnished by Hugh
Jackman
in the movie Swordfish...

You mentioned there's a SMIME patch for mutt. But I have noticed that Balsa
uses
Gnome to recognise the attached file's mime-type. Thus unless one registers
the file
extensions in a system file, Gnome is going to "stereotype" the file as
"application/octet-stream".
Is it possible to "plug" it into Balsa, especially in labelling what
protocol or encoding algorithm
in encryption in the mail headers? How useful will it be to use this patch
alongside with SFL?

Best Regards,
Tim

----- Original Message -----
From: "wil" <wil@dready.org>
To: "Brian Stafford" <brian@stafford.uklinux.net>
Cc: "Timothy Ang" <leonhong2001@yahoo.com>; <balsa-list@gnome.org>
Sent: Monday, October 15, 2001 7:41 PM
Subject: Re: SFL and Balsa


> Timothy: What's CDSA?
>
> >
> >Anyway the point is having S/MIME does not preclude the use of PGP/MIME.
> >
>
> But they are completely different and not-interoperable. It'd be great if
> Balsa could support both, but that's not an easy job. See below.
>
> >>  > Another thing is, it is fairly difficult to both support S/MIME and
> >>PGP at
> >>  > the same time (I don't even know of any commercial mailer that can
> >>do it).
> >>  > GPG Made Easy is an API that is supposed to be generic but it looks
> >>pretty
> >>  > young a project.
> >
> >Wrong.  Read up on multipart/encrypted (RFC 1847).  Any number of
> >mechanisms
> >can coexist in this framework.
> >
>
> I'm referring to the implementation i.e. support both in a consistent
> interface in Balsa. Conceptually the operations are mostly similar, sign
> with private key, encrypt with public key, verify with public key, decrypt
> with privkey etc. I've seen the SMIME patch for mutt, it uses lots of
> #ifdef's mainly because mutt was hardwired for PGP. It would be painful to
> do that in Balsa. But is it worth defining an abstraction for just two
> standards?
>
>
> | wil                   |
> | http://www.dready.org
>


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]