[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP Mailer for the masses ?
-----BEGIN PGP SIGNED MESSAGE-----
To: [email protected], [email protected],
[email protected]
Date: Fri Aug 09 15:56:37 1996
Niels,
Thanks, for describing the features of Pronto Secure :)
This is how Pronto Secure matches up to your checklist:
> Here is just a short list what such a programm should be able to
> do: ( all options should be optional ;)
>
> Sending Mail:
> - Clear signing of outgoing mail
YES
> - If public key of recipients is known encrypt with those keys
YES
> - If there is access to a public keyserver try to get a public key
> for the recipients
YES
> Receiving Mail:
> - While reading mail ( similiar to premail ) try to check existing
> signatures if public key is available otherwise try to get
> public key from server
YES (do on the fly signature checking as mail arrives in inbox)
> - Traverse the web of trust and show how the public key is
> related to one own keys to mutual signatures on other public keys
> ( For example mean distance to a key signed by the recipient
> himself )
NO (we handle certification by allowing the user to modify a list of
trusted certifiers for signing keys)
> - If the mail contains a public key add it to the keyring
NO (Key is shown as an attachment icon double click on it adds it to
the keyring)
> - Don't show pgp blocks in Mail since they might confuse
YES
> Keymanagement:
> - Should be integrated in the addressbook together with E-Mail
> Address and name.
YES
> - Keys should be imported via generation or via mail or via a file
YES (or the clipboard)
> - If you have a public key without an entry in the addressbook
> take the EMail and Name from the public key
YES (or prompt user to supply address)
> - One should be able to sign the keys during import if origin is
> known
NO (signing keys is a separate process. This gives the user an
opportunity to authenticate on another channel)
> Misc:
> - Passphrase should be kept in memory for a definable time, 0 for
> immediate deletion, thus you would be prompted for the passphrase
> each time you use it. Question about Windows Swapspace ? or tag the
> memory as uncacheable ?
NO (Keyboard sniffing is too easy to do in Windows, This would give
a false sense of security)
> I would suggest creating a library with seperate io and gui parts in
> order to motivate peeple in helping who do not want to support
> mainstream products like Windows. Like taking the PGP 3.0 lib ( is it
> out yet ?) and modify it a bit.
YES (Separating UI from security functionality is also the right
way to go for offering plug in security providers)
> Since there are a variety of good functioning mailers available
> already it wouldn't make sense developing the whole stuff but instead
> only integrate the library into existing products.
NO (It will not be an easy task to design a general library of UI
elements that any mail client will be able to seemlessly plug into.)
> Do you think that such proposal is senseable and that there are
> people who would be willing to support the idea with programming
> affords ?
It exists. Plus a few additional features not mentioned, and a much
longer wish-list in the process of being implemented.
Check it out. It is available from http://www.commtouch.com/p1.htm
IMPORTANT: COMMTOUCH WILL GIVE A FREE COPY OF PRONTO SECURE TO ANY
MEMBER OF THE CODERPUNKS/CYPHERPUNKS LISTS SUPPLYING USEFUL FEEDBACK
ABOUT THE PRODUCT.
The impressions of early users of Pronto Secure can be viewed at:
http://www.commtouch.com/testers.htm (many of whom are list members)
Regards, Geoff.
- ---------------------------------------------------------------
Geoff Klein, Pronto Secure Product Manager; www.commtouch.com
My PGP public Key 1814AD45 can be obtained by sending a message
to [email protected] with "Get PGP Key" as the subject.
- ----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBMgs1ikLv5OMYFK1FAQGe/gP/RdXtVIwo7aupkJn6X4VNTuNHHymPf9fJ
k7FAsONAAP9qbr4UaWzJXxWuvmxLgt5gsMpk6yzp6vY80krQqPf6SqphW7FOjGTq
PB05bNLDHm9SRGjVvKRHzGbOr094gkFpeso2C3MeMiDbT0J5gsLJOeMJsIb4NW2A
lHZ6e+o535w=
=R2jc
-----END PGP SIGNATURE-----