[dev] PGP support for IMP - A start...

Ola Lundqvist opal@debian.org
Thu, 18 Apr 2002 20:12:15 +0200


I do not read this often, but gnupg interests me a lot.

On Wed, Mar 27, 2002 at 12:43:44PM -0500, Chuck Hagenbuch wrote:
> Quoting Michael M Slusarz <slusarz@bigworm.colorado.edu>:
> 
> > 1.) I think it is best to support GnuPG, and GnuPG only.  Unlike
> > 'regular' PGP, GnuPG can be distributed in any country, and is 
> > (essentially) the same as 'regular' PGP.
> 
> This is fine.

Agreed.

> > 2.) PGP messages are embedded in a text/plain encoding, so the best
> > place to put in any hooks for PGP is into the IMP_MIME_Viewer_text 
> > class.  We can just search for a '-----BEGIN PGP SIGNED MESSAGE-----' 
> > string and if found, and maybe if we have a PGP preference and it is set 
> > to on, we enable PGP processing.
> 
> Sometimes signatures are in attachments, though, right? Those should have 

Not only sometimes. Most of the time according to what I have seen.
Well, it depends on the environment. :)

> Horde-level MIME_Viewer drivers. But yeah, hooks can go in 
> IMP_MIME_Viewer_text.
> 
> > 3.) How do we display results?  When receiving messages, for instance,
> > do we display the undecrypted message and then have a link on the page 
> > to decrypt (and where would this link be?  in the attachment field area 
> > at the top of the message?  Or more like the "different character-set" 
> > message?
> 
> For signatures, adding a header - something like "this message is PGP 
> signed, and verified", verification failed, should be fine. For encrypted 
> messages, how about saying "this was PGP encrypted" and then displaying 
> the decrypted message if we can decrypt it, and displaying "decryption 
> failed" and then the encrypted message if we can't?

We have one problem here. I have quite a lot of experience with mutt and
gpg support integrated. The problem here is that if you do not have the
key for the sender you have to download it from a keyserver. If this
is done automatically you can easily get loong delays. So my suggestion
is to have a verify (or verify/download) button to verify the message.

In some other cases the verification can take a loong time (it takes
quite a long time if I have around 30 keys in my keyring on a P200).

This can of course be configurable but I think I should mention it.

> > 4.) All PGP support should be put into its own IMP_PGP class (unless
> > anyone can think of a better class to stick it into...)
> 
> This should definitely be at the Horde level - Horde_Crypt_GnuPG, etc., 
> with the api defined by Horde_Crypt.

Agreed.

> > 5.) Since I believe one of the purposes/goals of IMP is to have a fully
> > featured client without ever needing shell access, this means that all
> > PGP keys must be stored in the prefs framework.  This doesn't seem to be 
> > a problem with receiving messages since we are only using public keys
> > (Keep all keys in a serialized field?).  We may have a problem with
> > composition since this requires private keys - what kind of security 
> > concerns do we have with a preference framework for storing private 
> > information?  Leave it up to the user to decide with a warning message?
> 
> Something I thought of a while ago was having Turba know about a 
> special "public_key" field, which IMP could use to retrieve the keys of 
> people in your addressbook. I'd like to do it that way, instead of storing 
> keys in preferences - seems a bit nicer.

Sounds nice to me.

> For storing private keys, there are a lot of half-measures that can be 
> done. I definitely wouldn't store someone's decrypted private key (make 
> them enter the passphrase, at least in each IMP session (we can encrypt 
> the passphrase in the session store like we do the password). We can have 
> Horde encrypt people's passphrases in their preferences with an encryption 
> key, but that just means you need that key... not sure if there's a good 
> way around saying "you need to keep this server secure" ...

I like this because in some situations you have an imp-enabled mailserver
on an internal network. In these cases this can be very useful. Of course
this should be made as secure as possible. To force the user to
enter his/her passphrase every session is a must. People do that
all the time if they are using any other pgp-enabled mailutil, including
mutt, outlook, eudora, evolution, pine etc. I've never seen one that stores
the password between sessions.

Regards,

// Ola

> -chuck
> 
> --
> Charles Hagenbuch, <chuck@horde.org>
> "A dream which helps you to live your reality with dignity
>  and justice is a good dream." - Tariq Ramadan

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
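
Added example (not part of the original message and not Horde/IMP code): the detection step from point 2, covering both inline armor in text/plain and the attachment-style signatures mentioned in the reply, written in Python rather than IMP's PHP. The name `classify_pgp`, the result labels and the sample messages are assumptions constructed for illustration; the multipart handling follows RFC 3156 (PGP/MIME), which goes beyond the string search proposed in the thread.

```python
import email
from email import policy

CLEARSIGN = "-----BEGIN PGP SIGNED MESSAGE-----"
ARMORED = "-----BEGIN PGP MESSAGE-----"
# RFC 3156 container type -> the protocol parameter it must carry
PROTOCOLS = {"multipart/signed": "application/pgp-signature",
             "multipart/encrypted": "application/pgp-encrypted"}

def classify_pgp(raw: bytes) -> list:
    """List the PGP structures in a message. Nothing is verified or decrypted
    and no key is fetched here; that stays behind an explicit user action
    (the verify button suggested above)."""
    found = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        ctype = part.get_content_type()
        if ctype in PROTOCOLS:
            if part.get_param("protocol") == PROTOCOLS[ctype]:
                found.append("pgp-mime-" + ctype.split("/")[1])
        elif ctype == "text/plain":
            # Armor headers only count as whole lines, so a quoted
            # "> -----BEGIN ..." in a reply does not trigger PGP processing.
            lines = {line.rstrip() for line in part.get_content().splitlines()}
            if CLEARSIGN in lines:
                found.append("inline-signed")
            if ARMORED in lines:
                found.append("inline-encrypted")
    return found

# Constructed sample messages; the signature bodies are placeholders.
INLINE = (b"Content-Type: text/plain\n\n"
          b"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhello\n"
          b"-----BEGIN PGP SIGNATURE-----\n\nplaceholder\n"
          b"-----END PGP SIGNATURE-----\n")
QUOTED = (b"Content-Type: text/plain\n\n"
          b"> -----BEGIN PGP SIGNED MESSAGE-----\n> hello\n")
MIME = (b'Content-Type: multipart/signed; boundary="b1"; '
        b'protocol="application/pgp-signature"\n\n'
        b"--b1\nContent-Type: text/plain\n\nhello\n"
        b"--b1\nContent-Type: application/pgp-signature\n\nplaceholder\n"
        b"--b1--\n")

if __name__ == "__main__":
    for name, raw in (("inline", INLINE), ("quoted", QUOTED), ("mime", MIME)):
        print(name, classify_pgp(raw))
```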