Subject: Re: encryption
From: Tomas Frydrych (tomas@frydrych.uklinux.net)
Date: Fri Apr 27 2001 - 03:48:16 CDT
> Bill:
> If you have an architecture where all the encryption is provided with
> the AbiWord distribution, and it is not arbitrarily extensible, then I
> agree with you.
> I don't think that's the best architecture (for crypto and for a lot
> of other things).
> I think it is better to have an architecture that lets people add
> things of their own divising. I would imagine something along the
> lines of a few plaintext parameters and then a big blob of binary
> stuff representing the object to be acted on.
This is a good point; I have not thought about this along these lines.
> (e.g., people who want to use a particular public key algorithm, for
> example).
Off the point, I am not sure we really want to venture into public key
domain, for in contrast to puting in password protection it would
require true cryptographic expertise to implement correctly; the
recently discovered bug in the OpenPGP key storage format shows
how non-trivial the issues involved are. It would be much better to
develop the plug-in framework, and then someone could write a
plugin to use a proper crypto suite for that.
> PS:- Just in case my comments are seeming overly critical (instead of
> appropriately critical)
Not at all.
Tomas
This archive was generated by hypermail 2b25 : Fri Apr 27 2001 - 03:50:06 CDT