"Two Certificate Managers" (Re: regarding KPF)

Marc Mutz Marc.Mutz at uni-bielefeld.de
Fri Apr 19 11:47:12 BST 2002


On Friday 19 April 2002 10:59, George Staikos wrote:
<snip>
>   I pointed this out right when the Aegypten project was announced.  There
> was no interest in using the KSSL database or manager.  Thus they share
> nothing in common (to my knowledge anyways).  The only argument I've heard
> is that they have to be system independent since they have to work in KDE
> and in mutt.  I still think it's unfortunate though.

There are actually a bunch of arguments for doing it this way (these are all 
from my POV, YMMV):

- Wasn't it that the KControl certmanager didn't exist at the time Aegypten 
  started off?

OpenSSL:
- The Aegypten stuff is based on gnupg (newpg). It now does s/mime, too.
  GnuPG has been extended to work with smartcards and uses app-independent GUI
  dialogs for e.g. PINentry. So sharing the database isn't impossible, they're 
  just not contracted to do it.
- The Aegypten team has been contracted to develop _free_ software. OpenSSL 
  isn't free.
- OpenSSL has some issues that make it difficult or impossible to write S/MIME 
  apps that are actually interoperable with braindead MS-Windows based 
  products. This is hearsay from CeBIT discussions. Werner can surely give you 
  details if needed.

Sphinx (somewhat lame excuse, I know):
- The Sphinx list of requirements has some weird items that would have led to 
  endless discussions on whether we actually want them. I don't allege anyone 
  of the Aegypten team of thinking like that, though. But with the tight 
  schedule, it was probably easier to write a new certificate manager that was 
  designed to be Sphinx compliant from the beginning than to extend the 
  existing one to work with multiple backends _and_ be Sphinx-compliant. Let 
  them do their stuff and later merge the two, if possible.

And the last point:
- Very honestly, I trust Werner much, much more to do security-related
  software right than _any_ KDE developer and I'm glad that a hardcore-GNU 
  like him actually works for improving _KDE_ (although he's being paid to do 
  it) and bringing KDE to the desktops of German government personnel. The 
  more so when it comes to S/MIME, with all the unclear standards and 
  contradicting implementations.

The last point is nothing against any person in particular. It's just that in 
security you have to earn your reputation. Werner has been around this 
business for at least 10 years (?) now and I don't see anyone in the KDE 
community with even comparable reputation in cryptography.

BTW: KMail/Aegypten will become the *reference implementation* for interop 
tests later on! I think this is plain fantastic!

Marc

-- 
Marc Mutz <mutz at kde.org>





More information about the kde-core-devel mailing list