KDE and smartcard support

Aaron J. Seigo aseigo at kde.org
Wed May 23 19:13:28 BST 2007 

On Wednesday 23 May 2007, Alon Bar-Lev wrote:
> On 5/23/07, Aaron J. Seigo <aseigo at kde.org> wrote:
> > > Why not, please please explain.
> >
> > i already have, as have others. if you are still mystified, just accept
> > it as an axiom for now because we, as the current maintainers of kdelibs,
> > have come to that conclusion at this time. move on.
>
> I wish I could... we will always return to the same issue. You will
> see this next.
>
> > to start at the beginning and show me code, in particular how such
> > hardware based auth support might look in KDE's API. i'm not interested
> > in crypto in kmail at this point, for instance.
> >
> > your next email needs to be about that API and include sample code,
> > because that is the only productive move at this point. thank you for
> > cooperating and making this a fruitful discussion.
>
> Let's discuss TLS session for now, ok?
> I will skip the configuration API since it is irrelevant to our
> discussion and can be always completed later.
>
> In term of application developer THERE IS NO CHANGE IN CURRENT API.
> Surprised?!?!?!
...
> Is this what you expected?

exactly. in fact, this is exactly the "front end, back end" separation 
suggested several emails ago. wonderful! now, barring further input from the 
others working on this body of code (e.g. George of KSSL and Andreas of 
QSslSocket) we just need the actual implementation of this so we can check it 
into svn somewhere to start testing and auditing.

> I would also like to allow importing PKCS#12 identities into the
> configuration, so that certificates will available as none encrypted
> during key negotiations so passphrase prompt will be triggered only
> for the selected one. (Certificates are encrypted in PKCS#12 format,
> and we need to extract the certificate during negotiation without
> prompting for passphrase). But this all a configuration issue, and
> should have already implemented in current implementation... But this
> is usability improvement.

i think this is a no-brainer to say "yes" to.

-- 
Aaron J. Seigo
humru othro a kohnu se
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA  EE75 D6B7 2EB1 A7F1 DB43

Full time KDE developer sponsored by Trolltech (http://www.trolltech.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20070523/4c03ea43/attachment.sig>

More information about the kde-core-devel mailing list