Jeff,

According to the sunldap case that you cite, the LDAP interface was declared Evolving. This translates into either Uncommitted or Committed depending. Since this was reviewed by PSARC it is most likely Committed, but check with someone from the Sun LDAP team.
After that you have my +1.

Thanks,
John

Qing-Ming Jeff Cai wrote:
> Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
> This information is Copyright 2009 Sun Microsystems
> 1. Introduction
>    1.1. Project/Component Working Name:
>         Seahorse Update and Seahorse Plugins
>    1.2. Name of Document Author/Supplier:
>         Author: Jeff Cai
>    1.3  Date of This Document:
>         02 November, 2009
> 4. Technical Description
> This information is Copyright 2008 Sun Microsystems
> 1. Introduction
>    1.1. Project/Component Working Name:
>         Seahorse Update and Seahorse Plugins for OpenSolaris
>    1.2. Name of Document Author/Supplier:
>         Author: Jeff Cai
>    1.3  Date of This Document:
>         21 October, 2009
> 4. Technical Description
> 1. Introduction
>    1.1. Project/Component Working Name:
>
>         Seahorse Update and Seahorse Plugins
>
>    1.2. Name of Document Author/Supplier:
>
>         Author: Jeff Cai
>         Sponsor: Jeff Cai
>
>    1.3. Date of This Document:
>
>         10/29/2009
>
>    1.4. Name of Major Document Customer(s)/Consumer(s):
>
>       1.4.1. The PAC or CPT you expect to review your project:
>
>              Solaris PAC
>
>       1.4.2. The ARC(s) you expect to review your project:
>
>              LSARC
>
>       1.4.3. The Director/VP who is "Sponsoring" this project:
>
>              Robert O'Dea
>
>       1.4.4. The name of your business unit:
>
>              Software - OPG
>
>    1.5. Email Aliases:
>       1.5.1. Responsible Manager: harry.lu at sun.com
>       1.5.2. Responsible Engineer: jeff.cai at sun.com
>       1.5.3. Marketing Manager: glynn.foster at sun.com
>       1.5.4. Interest List: brian.cameron at sun.com
>                             darren.moffat at sun.com
>                             wyllys.ingersoll at sun.com
>
> 2. Project Summary
>    2.1. Project Description:
>
>    Seahorse is a GNOME application for managing SSH, PGP keys and GNOME
>    keyrings.
>
>    This update enables PGP support of Seahorse after GnuPG's integration.
>    Thus with Seahorse a user can create and manage PGP keys.
>
>    Seahorse Plugins integrates with nautilus and gedit for
>    encryption/decryption operations.
>
>    After GnuPG's integration, the PGP security support is also enabled in
>    Evolution.
>
>    Please refer to sections below for more information about how GnuPG
>    is used in Nautilus, gedit, and Evolution.
>
> 4. Technical Description:
>
>    As a frontend of GnuPG, all operations on PGP keys are implemented by
>    GnuPG or GPGME.
>
>    After enabling PGP support in Seahorse, the following new features are
>    added.
>
>    4.1 Create and Manage PGP keys
>
>    To create a PGP key using seahorse, the user needs to give a description
>    of what the key is to be used for. The user needs to specify the
>    encryption type (DSA Elgamal, RSA or DSA),
>    the key strength (768-4096) and the passphrase for the key.
>
>    The user can list or delete PGP keys. The user can also change the
>    passphrase for them.
>
>    Seahorse invokes the interface functions provided by GPGME or 'gpg'
>    command line to finish all these operations.
>
>    4.2 Exporting and Importing PGP Keys
>
>    Seahorse can import PGP keys from the clipboard or a key file the same
>    way as SSH keys.
>
>    Seahorse allows users to specify a PGP key file. Then Seahorse invokes
>    APIs provided by GPGME to import the key.
>
>    Users can also export PGP private or public keys to files.
>
>    4.3 Signing the key
>
>    Seahorse allows a user to sign a public PGP key with a private PGP key.
>    It also provides UI to allow the user to revoke it.
>
>    4.4 Retrieve PGP public keys from servers or publish them to servers
>
>    Keeps the user's and others' keys up to date by syncing keys periodically
>    with remote key servers. Syncing will make sure that the user has the
>    latest signatures made on all of the keys so that the web of trust
>    will be the most useful.
>
>    Seahorse provides support for HKP and LDAP key servers.
>
>    HKP Servers
>    HKP keyservers are ordinary web based keyservers such as the popular
>    hkp://pgp.mit.edu:11371, also accessible at http://pgp.mit.edu.
>    Seahorse uses libsoup to access HKP servers.
>
>    LDAP Keyservers
>    LDAP keyservers are less common, but use the standard LDAP protocol
>    to serve keys. ldap://keyserver.pgp.com is a good LDAP server.
>    Seahorse uses sunldap to access LDAP servers.
>
>    4.5 Seahorse plugin for gedit
>
>    This plugin adds three menu items in the gedit's 'Edit' menu:
>    Sign, Decrypt/Verify and Encrypt.
>
>    These menu options allow the user to sign/verify or encrypt/decrypt the
>    selected text.
>
>    As a client of seahorse-daemon, it calls DBus interfaces provided in
>    seahorse-daemon to finish all operations.
>
>    4.6 Seahorse plugin for Nautilus
>
>    This plugin enables the user to sign/verify or encrypt/decrypt
>    files in Nautilus.
>
>    After a file is signed or encrypted in Nautilus, a file with the same
>    name but with a pgp or sig extension will be created.
>
>    The user can also verify/decrypt the file in Nautilus.
>
>    Nautilus calls a command line helper program 'seahorse-tool' which uses
>    GPGME to finish the encryption operations.
>
>    4.7 Encryption settings
>
>    The user can use seahorse-preferences to configure some settings which
>    include:
>
>    * Default Key
>
>      This is the key that will be used by applications and plugins to sign
>      files. It will also be the key that files will be encrypted to if
>      encrypt to self is selected.
>
>      The default key id is saved in gconf
>      ~/.gconf/desktop/pgp/default_key
>
>    * When encrypting, always include myself as a recipient
>
>      If the user does not select this checkbox, then the user is not included
>      as a recipient, he will not be able to decrypt any files he encrypts.
>
>      Sometimes the file will be encrypted using the other person's public
>      key, then the file may be shared with that person in many ways such as
>      email, a website, USB drive or IM messenger. If the sender just wants
>      to send an encrypted file and he still has the non-encrypted copy, he
>      doesn't need to encrypt to self.
>
>      This setting is saved in gconf and its default value is 'true'.
>
>    4.8 Passphrase cache
>
>    seahorse-agent helps the user cache the passphrase so that the user
>    can perform many operations that require entering the passphrase
>    without re-entering it every time. It takes the place of gpg-agent.
>
>    There are several configurations for the passphrase cache:
>
>    * Never remember passphrases,
>    * Remember passphrases for ... minutes,
>    * Always remember passphrases whenever logged in
>    * Ask me before using a cached passphrase
>
>    4.9 Encryption Applet
>
>    Encryption Applet performs the various encryption operations using
>    standard OpenPGP methods. It operates on both the Ctrl-C/V and the
>    select/middle click clipboards. Simply copy the desired text using
>    the method of the user's choice, select the encryption operation from
>    the left click menu, follow the prompts and paste the new contents
>    of the clipboard into your application or view them in a display
>    window.
>
>    4.10 Enable PGP security for Evolution
>
>    With the integration of GnuPG, PGP security is enabled in Evolution.
>    The user can sign/verify or encrypt/decrypt email messages.
>
>    Evolution calls 'gpg' command line to finish all the operations.
>
>    4.11 Interfaces:
>
>    Following interfaces will be added:
>
>    Exported Interfaces
>
>    Interface                       Classification    Comments
>    ------------------------------  ----------------  ------------------------
>    SUNWseahorse-plugins            Uncommitted       Package name
>    SUNWseahorse-plugins-root       Uncommitted       Package name
>    ~/.gconf/desktop/pgp            Volatile          Config file for
>                                                      seahorse-preferences.
>    /usr/bin/seahorse-agent         Volatile          seahorse GPG agent for
>                                                      caching PGP passphrase.
>    /usr/bin/seahorse-preferences   Volatile          preferences for
>                                                      configuring encryption
>                                                      and passphrases cache.
>    /usr/bin/seahorse-tool          Volatile          a helper program that
>                                                      will encrypt/decrypt
>                                                      or sign/verify a file
>    /usr/lib/bonobo/servers/GNOME_SeahorseApplet.server
>                                    Volatile          the bonobo file for
>                                                      seahorse applet
>    /usr/lib/gedit-2/plugins/ligseahorse-pgp.so
>                                    Volatile          seahorse plugin
>                                                      library for gedit
>    /usr/lib/gedit-2/plugins/seahorse-pgp.gedit-plugin
>                                    Volatile          seahorse plugin
>                                                      description file for gedit
>    /usr/lib/nautilus/extensions-2.0/libnautilus-seahorse.so
>                                    Volatile          the library file of
>                                                      seahorse plugin for Nautilus
>    /usr/lib/seahorse/seahorse-applet
>                                    Volatile          seahorse applet
>    /usr/share/applications/seahorse-pgp-encrypted.desktop
>                                    Volatile          desktop file for mime
>                                                      type 'application/pgp-encrypted'
>    /usr/share/applications/seahorse-pgp-keys.desktop
>                                    Volatile          desktop file for mime
>                                                      type 'application/pgp-keys'
>    /usr/share/applications/seahorse-pgp-prepferences.desktop
>                                    Volatile          desktop file for
>                                                      seahorse-preferences
>    /usr/share/applications/seahorse-pgp-signature.desktop
>                                    Volatile          desktop file for mime
>                                                      type 'application/pgp-signature'
>    /usr/share/doc/SUNWseahorse-plugins/*
>                                    Volatile          doc files for
>                                                      seahorse plugins
>    /usr/share/man/man1/seahorse-*  Volatile          man pages
>    /usr/share/mime/packages/seahorse.xml
>                                    Volatile          a file that defines new
>                                                      mime types
>    /usr/share/seahorse-plugins/glade/*
>                                    Project Private   glade files
>    /etc/gconf/schemas/seahorse-gedit.schemas
>                                    Volatile          seahorse plugin
>                                                      schema file for gedit
>    /etc/gconf/schemas/seahorse-plugins.schemas
>                                    Volatile          schema file of
>                                                      seahorse-agent and
>                                                      seahorse-applet
>
>    Imported Interfaces
>
>    Interface                       Classification    Comments
>    ------------------------------  ----------------  ------------------------
>    GnuPG                           Uncommitted       PSARC/2009/397
>    GPGME                           Uncommitted       PSARC/2009/397
>    sunldap                         Volatile          PSARC/1997/276
>    libsoup                         Volatile          LSARC/2003/298
>    libgpg-error                    Volatile          LSARC/2008/207
>
>    4.12 Packaging & Delivery:
>
>    Two new packages are delivered.
>    SUNWseahorse-plugins
>    SUNWseahorse-plugins-root
>
>    4.13 Security Impact:
>
>    Seahorse is just a GUI front-end to GnuPG, so all encryption related tasks
>    are managed by GnuPG.
>
>    Seahorse syncs public keys with key servers using the protocols LDAP and
>    HKP. The communication with the server is not encrypted.
>    It is the user's responsibility to ensure the public key is valid or
>    trusted.
>
>    Seahorse and Seahorse Plugins, like all GUI programs, depend on Xauth
>    security.
>
>    These tools under review do not save sensitive information to files
>    directly. Instead, GnuPG does.
>
>    4.9 Dependencies:
>
>    Seahorse depends on GnuPG and GPGME to operate on PGP keys.
>    Seahorse depends on sun ldap and libsoup to access key servers.
>
> 5. References
>    [1] Seahorse DBus Interfaces:
>        http://live.gnome.org/Seahorse/DBus
>    [2] Project page:
>        http://www.gnome.org/projects/seahorse
> 6. Resources and Schedule
>    6.4. Steering Committee requested information
>       6.4.1. Consolidation C-team Name:
>              Desktop
>    6.5. ARC review type: FastTrack
>    6.6. ARC Exposure: open
>
>
> 6. Resources and Schedule
>    6.4. Steering Committee requested information
>       6.4.1. Consolidation C-team Name:
>              OSD
>    6.5. ARC review type: FastTrack
>    6.6. ARC Exposure: open
>
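
Section 4.13 of the quoted case leaves key validation to the user because HKP and LDAP keyserver traffic is unencrypted. The following is an added example, not part of the original mail or of Seahorse: it compares the primary-key fingerprint in `gpg --with-colons` output against a fingerprint obtained out of band. The function names and the sample listing are constructed for illustration, and only 40-hex-digit (v4) fingerprints are assumed.

```shell
#!/bin/sh
# Added example: fingerprint check for a key fetched over an
# unauthenticated keyserver channel. All names here are hypothetical.

# Constructed sample of `gpg --with-colons` output (not a real key).
sample_listing() {
cat <<'EOF'
pub:-:2048:1:89ABCDEF01234567:1257120000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1257120000::::Constructed User <user@example.org>:
sub:-:2048:1:76543210FEDCBA98:1257120000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}

# Strip spaces and colons, uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Print the fingerprint of the first primary key on stdin.
# In colon format the "fpr" record after "pub" carries it in field 10;
# the "fpr" record after "sub" belongs to a subkey and is skipped.
primary_fpr() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; exit }
    '
}

# check_key EXPECTED < listing
# 0 = match, 1 = mismatch, 2 = EXPECTED is not a full fingerprint.
check_key() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        ""|*[!0-9A-F]*) return 2 ;;   # non-hex input
    esac
    # Short key IDs can collide, so demand all 40 hex digits.
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ "$expected" = "$actual" ]
}

# With a real key file on GnuPG 2.2 or later:
#   gpg --show-keys --with-colons fetched.asc | check_key "$EXPECTED"
sample_listing | check_key "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567" \
    && echo "fingerprint matches"
```

The expected fingerprint has to come from a channel the keyserver path cannot tamper with, such as a business card or a signed message.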