Re: Epiphany 1.4 plan

On Tue, 2004-03-30 at 10:20, Piers Cornwell wrote:
> Hi Robert,
> 
> Great to see that you're still working on this, and of course there's no 
> rush to get it in (if it doesn't make 1.4 it's no big deal).
> 
> As you say in the bug, the right move it probably to try to get this as 
> a desktop-wide thing using a control panel capplet as the UI.
> 
> Perhaps we should see if the Evolution guys are interested first and get 
> some input from them? They are probably the main other app which could 
> use it -- can you think of any others?

1) Classpath developers in order to implement Gnome specific versions of
http://java.sun.com/j2se/1.4.2/docs/api/java/security/cert/CertStoreSpi.html
and/or
http://java.sun.com/j2se/1.4.2/docs/api/java/security/KeyStoreSpi.html
2) Mono for the equivalent classes
3) Maybe gaim in order configure the trust setting and identification of
servers using SSL enabled IM protocols,

> 
> Many thanks,
> 
> -Piers
> 
> 
> Robert Marcano wrote:
> 
> > Hello
> > 
> > On Tue, 2004-03-30 at 06:28, Marco Pesenti Gritti wrote:
> > 
> >>Abstract:
> >>http://gnome.org/~marco/plan-abstract.html
> >>
> >>Concrete:
> >>http://gnome.org/~marco/plan-concrete.html
> >>
> >>This was already discussed on IRC, though more feeback would be very
> >>welcome.
> >>
> > 
> > 
> > I have worked on implementing the "Certificates UI" part for epiphany,
> > but I have not delivered something reasonable yet (I have been involved
> > on some political situations here in my country '-( )
> > 
> > I will share with you my proposal The main idea of this module it to
> > become something like "gconf", a small library with the capability to
> > retrieve certificates from many different places using gconf like
> > plugins, for example read-only files, LDAP, PKCS#12 files, files on the
> > HOME directoty, etc...
> > 
> > For the epiphany/mozilla part of the solution, this library needs to
> > implements a PKCS#11 module
> > (http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/), a complex spec. I
> > have worked a lot with this part of the job, and have been able to
> > implement a test module that shows to mozilla the certificates that I
> > want. (the idea of this solution came from the fact that Mozilla
> > provides its CA certificates on libnssckbi.so that is a readonly PKCS#11
> > module)
> > 
> > The UI part of the Job could be implemented by a capplet with the
> > capability to manage the writable portion of the certificates that have
> > been found, for example the personal certificates installed on the HOME
> > directory. I think that this capplet must not try to manage the
> > certificates found on adminitrator configured repositories like LDAP, or
> > system directories. The personal certificates installed on the HOME
> > directory could be stored on a PKCS#12
> > (http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/) file, easily done
> > with NSS APIs and that provides an acceptable security level.
> > 
> > To accelerate the implementation of this module, I propose to split the
> > job (if you and your team accepts the mission ;-) ):
> > 
> >       * Design and implement a GObject based API to retrieve and store
> >         the certificates (I think that code from gconf can be borrowed
> >         for the configuration file and plugin parts, but i can be wrong)
> >       * Design the capplet GUI, and implement it on top of the GObject
> >         based API.
> >       * Implement the final PKCS#12 module on top of the GObject based
> >         API
> > 
> > 
> > 
> > 
> >>Marco Pesenti Gritti
> >>/lists.gnome.org/mailman/listinfo/epiphany-list
>