[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: Re: S/MIME
From: Bart Symons <bart.symons () skynet ! be>
Date: 2003-08-25 18:13:12
[Download RAW message or body]
There is one large disadvantage in relying on gpg to embed S/MIME in KMail:
gpg does not support smartcards in a standard, generic manner. It does not
support PKCS#11.
This is sad because it automatically excludes every smartcard for which the
manufacturer or issuer have gone through the trouble of providing a Linux
version of their PKCS#11 driver. In Belgium the (mandatory!) national
identity card is an RSA enabled smartcard with certificates issued by the
federal gov't. It will even have a PKCS#11 module for Linux, provided by the
government. But I won't be able to use it in KMail or Konqueror.
On Monday 25 August 2003 11:16, Ingo Klöcker wrote:
> On Saturday 23 August 2003 07:13, Harald Schmalzbauer wrote:
> > Dear developers,
> >
> > thank you very much for your great work.
> > While trying to get S/MIME working I had to read a lot about Ägypten.
> > Now this is the most rediculous way to make Kmail s/mime capable.
> > Why should s/mime be implemented in gpg?
>
> Because it makes sense to have just one tool which can be used for both,
> PGP and S/MIME.
>
> > My problem is that gpgsm seems to have many bugs (--import doesn't
> > work (bus error) also GENKEY doesn't work (general server error))
>
> Please direct any bug reports regarding the gpg stuff to the gpa-dev
> mailing list (cf. CC).
>
> > Why not use openssl like in konquerror and in sIMAP etc?
>
> There's a kssl based S/MIME plugin available in kdenonbeta (IIRC). The
> problem with openssl is that it's license is not GPL compatible. So
> it's questionable whether this kssl based S/MIME plugin can be legally
> used in KMail.
>
> > pgp/mime is working fine, but the steps you have to pass are not
> > beneficial to convince people using encryption. (On the other hand
> > one can easily use PGP in traditional way so that's not that
> > horrible)
>
> I agree with that. But OTOH everything that's necessary is already
> included for example in the SuSE distrubution. So apart from having to
> install a few extra RPMs all that's a bit complicated is the
> configuration. I agree that this has to be improved.
>
> > Kmail is really what GUI users want to have except the missing
> > encryption capabilities. In my opinion the Ägypten project was good
> > for some companies but that horrible managed that I can't see any
> > results besides some gaming/learning effects for a few people and a
> > good money burn rate.
> >
> > Sorry for that impolite expression of my opinion, but please
> > coordinate any available develpment power into s/mime implementation.
>
> Regards,
> Ingo
_______________________________________________
KMail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic