Re: GNOME Keyring and Seahorse Goals and Vision

[Adam Schreiber <sadam gnome org>]

On Sat, Oct 9, 2010 at 6:44 PM, Stef Walter <stefw gnome org> wrote:
> Adam, Pablo, Thorsten and any other regular contributors: Please let me
> know if I got something wrong, misrepresented or missed out on something.

In the 'Icons' section, rather than reuse the seahorse icons, we
should reach out to the Gnome Art/Graphics team.  There was an IRC
dust up a while back in which neither I nor the Gnome Art guy involved
were entirely civil, but the gist was that we were using out-of-date
modified tango icons inappropriately without attribution.  We should
probably get that straightened out.

Trust Assertions

Is there a way we could boot-strap trusted GPG keys into vouching for certs?

gsecrets should probably follow the conventions of glib-dbus and other
platform librarys that integrate GObjects and DBus.

Seamless security:  I think the philosophy of providing security, but
not the appearance of more security than there actually is should be
carried forward.  This policy is at odds with user expectations and
causes such misunderstandings as the "I can see my passwords when the
key ring's unlocked" problem.  I agree we should try to come up with a
solution to this problem, but not at the cost of this policy.

Prevent logging or caching of secrets:  Encrypting the
passwords/secrets between DBus consumers doesn't even require a MITM
attack.  It's vulnerable to the same malign requestor attack as usual.
 This is a continuation of "If your security context is compromised,
everything is".

I agree with the Non-Goal 100%.  My philosophy and focus has always
been on making existing crypto easier to use, not reinventing the
stuff that's hard to get right.  Crypto UI has it's own pitfalls that
are hard enough without reinventing the wheel.

Kudos for getting that all down in writing Stef.

Cheers,

Adam