[Tickets #2782] S/MIME Sign using browser capabilities

bugs@bugs.horde.org bugs at bugs.horde.org
Thu Jul 27 00:35:48 PDT 2006 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=2782
-----------------------------------------------------------------------
 Ticket             | 2782
 Updated By         | mfernandez at gva.es
 Summary            | S/MIME Sign using browser capabilities
 Queue              | IMP
 Version            | HEAD
 Type               | Enhancement
 State              | Feedback
 Priority           | 1. Low
 Owners             | Horde Developers, Michael Slusarz
-----------------------------------------------------------------------


mfernandez at gva.es (2006-07-27 00:35) wrote:

Completely agree with you, thanks for the comment.
When I was coding this, I thought about exposing the MIME creation
function _createMimeMessage($to, $body) in a way I can call it AJAX style,
so the double submit would not be needed. I would just replace my
javascript code that composes the MIME hackishly and make an AJAX call the
server side to compose it, then continue signing and finally submit it.
However, I preferred to leave this strategy for later discussion with you.
Besides, I don't think we could call the MIME composing part alone, could
we? What do you think about it?

Getting back to your idea, I also thought about it, though I am not sure
how to double submit the form.
The user first click the submit, we set actionID to *COMPOSE_MIME* to
compose the MIME and not send it. The page would render again but here we
need a javascript function to hook in body onload event and re-submit the
form, this time setting actionID to *SEND_MESSAGE_AS_IS* so no other
action is taken, only send the messages.

This is much like splitting current actionID 'send_message' in two. One
that composes, the other just sends messages away.

I think we need to find a way o reusing the code block of actionID
'send_message' but not sure how. I tried to change as little as I could.

We also would need to add another config preference other than
IMP_SMIME_ENCRYPT so not to override current signing functionality.

Finally, I am now in a bit of a mess with versions. First I downloaded
Horde 3.1.1 and IMP 4.1.1 to get it up and running fast and changed code
there.
Then I checked out HEAD to produce this patch we are discussing, but I can
not run this checked out source as it is, since I do not know how to
configure it with apache. All modules are at the same level wich is
different from release code where IMP directory goes inside Horde
directory and so forth. In short, can you help me get up and running in
Apache this checked out version of IMP so I can test the changes?

I'll be on hollidays for 2 weeks, so see you then.
And sorry If it takes me too many words to explain things.

Thanks,

Mariano.

> This is indeed pretty simple, but the implementation is too hackish. 
> There is much more happening inside IMP to create a valid mime part 
> than what you have implemented in javascript.
>
> If we really need to sign the complete mime part, we need to 
> implement this differently. We could submit the form using a 
> different actionID, one that completes all steps of the send_message 
> action but doesn't send the message finally. Instead we would return 
> to the compose view with the complete mime part, trigger the 
> javascript to sign the part, and submit it again, this time with yet 
> another actionID the runs the second half of the send_message action, 
> but with the signed mime part.

More information about the bugs mailing list