----- Original Message ---- From: Lex Spoon lex@lexspoon.org
Why did you pick SMIME rather than PGP, by the way? PGP seems to be better established, in part because it is not just for email.
I chose SMIME for several reasons: 1) OpenPGP support has already been started by Hans Martin Mosner and I didn't want to step on his work, since I didn't understand it. 2) I wanted to leverage the work we had done on ASN.1 and S/MIME uses CMS which is defined using ASN.1 3) Both Mac Email and MS Outlook provide S/MIME support by default. All you need do is add a Certificate, and you are encrypting and signing. I felt S/MIME had more installed base. 4) Most CAs issue Certificates in X509 format, used by SMIME 4) I was bored and I needed a project.
Would it be possible to support both S/MIME and PGP? I have defined a CertificateStore, which I persist on disk, in which I save the users private key, the user's certificates, and the recipients' Certificates for encrypting. Presumable PGP needs the same kind of info. I had read that the Certificate structure is different for PGP, so maybe that would be sufficient for differentiating between the two.
If we added SMIME to Celeste, it would become dependent on most of the Cryptography repository (http://www.squeaksource.com/Cryptography) - would that be ok? There would need to be some UI changes - when editing to mark an email for signing and/or encryption, and when receiving an email to display whether signed, encrypted, or both. It may make sense to have a header form and a body form, and the body form would be multipart aware. I dunno.
Rob
Lex,
I finally got SMIME signed mail working, having found a bug in RSA Signature code. I am getting the Crypto code updated on SqueakMap and I have published the latest SMIME in the Cryptography Monticello repository.
So do you want to integrate SMIME into Celeste?
On Apr 20, 2007, at 3:52 PM, Rob Withers wrote:
If we added SMIME to Celeste, it would become dependent on most of the Cryptography repository (http://www.squeaksource.com/Cryptography)
The new Crypto library is published to SqueakMap as 'Cryptography Team Package' and a new one is forthcoming that is needed for SMIME.
cheers, Robert
Robert Withers reefedjib@yahoo.com writes:
Lex,
I finally got SMIME signed mail working, having found a bug in RSA Signature code. I am getting the Crypto code updated on SqueakMap and I have published the latest SMIME in the Cryptography Monticello repository.
So do you want to integrate SMIME into Celeste?
On Apr 20, 2007, at 3:52 PM, Rob Withers wrote:
If we added SMIME to Celeste, it would become dependent on most of the Cryptography repository (http://www.squeaksource.com/Cryptography)
The new Crypto library is published to SqueakMap as 'Cryptography Team Package' and a new one is forthcoming that is needed for SMIME.
Hey, Robert,
In general this sounds great! If SMIME is popular, then Celeste may as well support it!
I admit I have a soft spot for PGP's web of trust approach to signatures. Certification Authorities are important even for PGP, but not to the same prominance. Do you know if it is even possible for a normal person to get a CA-approved SMIME-compatible cerificate? How much would it cost? PGP is all free.
Anyway, let's figure out how to get it integrated.
First, depending on Cryptography is just fine. It seems inevitable for a full-featured mail reader to depend on lots of stuff. I guess it would be possible to make the cryptography features optional, but then again, it doesn't strike me as a big deal.
Second, here is a sequence of mods that would seem to get the code integrated. Please correct anything that sounds bonkers.
1. MailMessage>>format should decrypt and check signatures when the message needs it. Whether it succeeds or fails, it can then insert a message at the top of the formatted result describing what it did, e.g. whether the signature passed.
2. MailAccount should have certificate information for the user, and Celeste should have menu items for modifying that information. I honestly don't know whether the certificate should be held in a file or in the image....
3. CelesteComposition ("Mr. Postman") should have buttons for signing and encrypting a message. (By the way, I notice there is a separate MailComposition class that looks like a clone of CelesteComposition. Don't be misled! In fact, this needs some refactoring; my initial vote would be to get rid of MailComposition, as the shortest path to a sane factoring.)
These three would seem to do the trick, don't you think? All the real work would be left to your SMIME package.
I do NOT plan to implement these immediately, because I have been spending my charity-work time on package universes lately. So, Rob or anyone, feel free to beat me to it and send me an mcz or a changeset. In the meantime, I'll put this all on my Celeste todo list.
Lex
squeak-dev@lists.squeakfoundation.org