Re: Epiphany 1.4 plan

From: Piers Cornwell <piers myrealbox com>
To: Robert Marcano <robert marcanoonline com>, epiphany-list gnome org
Subject: Re: Epiphany 1.4 plan
Date: Tue, 30 Mar 2004 15:20:59 +0100

Hi Robert,

Great to see that you're still working on this, and of course there's norush to get it in (if it doesn't make 1.4 it's no big deal).

As you say in the bug, the right move it probably to try to get this asa desktop-wide thing using a control panel capplet as the UI.

Perhaps we should see if the Evolution guys are interested first and getsome input from them? They are probably the main other app which coulduse it -- can you think of any others?


Many thanks,

-Piers


Robert Marcano wrote:

Hello

On Tue, 2004-03-30 at 06:28, Marco Pesenti Gritti wrote:

Abstract:
http://gnome.org/~marco/plan-abstract.html

Concrete:
http://gnome.org/~marco/plan-concrete.html

This was already discussed on IRC, though more feeback would be very
welcome.



I have worked on implementing the "Certificates UI" part for epiphany,
but I have not delivered something reasonable yet (I have been involved
on some political situations here in my country '-( )

I will share with you my proposal The main idea of this module it to
become something like "gconf", a small library with the capability to
retrieve certificates from many different places using gconf like
plugins, for example read-only files, LDAP, PKCS#12 files, files on the
HOME directoty, etc...

For the epiphany/mozilla part of the solution, this library needs to
implements a PKCS#11 module
(http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/), a complex spec. I
have worked a lot with this part of the job, and have been able to
implement a test module that shows to mozilla the certificates that I
want. (the idea of this solution came from the fact that Mozilla
provides its CA certificates on libnssckbi.so that is a readonly PKCS#11
module)

The UI part of the Job could be implemented by a capplet with the
capability to manage the writable portion of the certificates that have
been found, for example the personal certificates installed on the HOME
directory. I think that this capplet must not try to manage the
certificates found on adminitrator configured repositories like LDAP, or
system directories. The personal certificates installed on the HOME
directory could be stored on a PKCS#12
(http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/) file, easily done
with NSS APIs and that provides an acceptable security level.

To accelerate the implementation of this module, I propose to split the
job (if you and your team accepts the mission ;-) ):

      * Design and implement a GObject based API to retrieve and store
        the certificates (I think that code from gconf can be borrowed
        for the configuration file and plugin parts, but i can be wrong)
      * Design the capplet GUI, and implement it on top of the GObject
        based API.
      * Implement the final PKCS#12 module on top of the GObject based
        API

Marco Pesenti Gritti
/lists.gnome.org/mailman/listinfo/epiphany-list

Follow-Ups:
- Re: Epiphany 1.4 plan
  - From: Robert Marcano

References:
- Epiphany 1.4 plan
  - From: Marco Pesenti Gritti
- Re: Epiphany 1.4 plan
  - From: Robert Marcano

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]