Re: Epiphany 1.4 plan
- From: Piers Cornwell <piers myrealbox com>
- To: Robert Marcano <robert marcanoonline com>, epiphany-list gnome org
- Subject: Re: Epiphany 1.4 plan
- Date: Tue, 30 Mar 2004 15:20:59 +0100
Hi Robert,
Great to see that you're still working on this, and of course there's no
rush to get it in (if it doesn't make 1.4 it's no big deal).
As you say in the bug, the right move it probably to try to get this as
a desktop-wide thing using a control panel capplet as the UI.
Perhaps we should see if the Evolution guys are interested first and get
some input from them? They are probably the main other app which could
use it -- can you think of any others?
Many thanks,
-Piers
Robert Marcano wrote:
Hello
On Tue, 2004-03-30 at 06:28, Marco Pesenti Gritti wrote:
Abstract:
http://gnome.org/~marco/plan-abstract.html
Concrete:
http://gnome.org/~marco/plan-concrete.html
This was already discussed on IRC, though more feeback would be very
welcome.
I have worked on implementing the "Certificates UI" part for epiphany,
but I have not delivered something reasonable yet (I have been involved
on some political situations here in my country '-( )
I will share with you my proposal The main idea of this module it to
become something like "gconf", a small library with the capability to
retrieve certificates from many different places using gconf like
plugins, for example read-only files, LDAP, PKCS#12 files, files on the
HOME directoty, etc...
For the epiphany/mozilla part of the solution, this library needs to
implements a PKCS#11 module
(http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/), a complex spec. I
have worked a lot with this part of the job, and have been able to
implement a test module that shows to mozilla the certificates that I
want. (the idea of this solution came from the fact that Mozilla
provides its CA certificates on libnssckbi.so that is a readonly PKCS#11
module)
The UI part of the Job could be implemented by a capplet with the
capability to manage the writable portion of the certificates that have
been found, for example the personal certificates installed on the HOME
directory. I think that this capplet must not try to manage the
certificates found on adminitrator configured repositories like LDAP, or
system directories. The personal certificates installed on the HOME
directory could be stored on a PKCS#12
(http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/) file, easily done
with NSS APIs and that provides an acceptable security level.
To accelerate the implementation of this module, I propose to split the
job (if you and your team accepts the mission ;-) ):
* Design and implement a GObject based API to retrieve and store
the certificates (I think that code from gconf can be borrowed
for the configuration file and plugin parts, but i can be wrong)
* Design the capplet GUI, and implement it on top of the GObject
based API.
* Implement the final PKCS#12 module on top of the GObject based
API
Marco Pesenti Gritti
/lists.gnome.org/mailman/listinfo/epiphany-list
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]