Jeff,

Actually, after second thought you have my +1.  The Sun
LDAP classification is a nit.

Thanks,

John


John Fischer wrote:
> Jeff,
> 
> According to the sunldap case that you cite the LDAP
> interface was declared Evolving.  This translates into
> either Uncommitted or Committed depending.  Since this
> was reviewed by PSARC it is most likely Committed but
> check with someone from the Sun LDAP team.
> 
> After that you have my +1.
> 
> Thanks,
> 
> John
> 
> 
> Qing-Ming Jeff Cai wrote:
>> Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
>> This information is Copyright 2009 Sun Microsystems
>> 1. Introduction
>>     1.1. Project/Component Working Name:
>>      Seahorse Update and Seahorse Plugins
>>     1.2. Name of Document Author/Supplier:
>>      Author:  Jeff Cai
>>     1.3  Date of This Document:
>>     02 November, 2009
>> 4. Technical Description
>> This information is Copyright 2008 Sun Microsystems
>> 1. Introduction
>>     1.1. Project/Component Working Name:
>>      Seahorse Update and Seahorse Plugins for OpenSolaris
>>     1.2. Name of Document Author/Supplier:
>>      Author:  Jeff Cai
>>     1.3  Date of This Document:
>>     21 October, 2009
>> 4. Technical Description
>> 1. Introduction
>>    1.1. Project/Component Working Name:
>>
>>         Seahorse Update and Seahorse Plugins
>>
>>    1.2. Name of Document Author/Supplier:
>>         Author:         Jeff Cai
>>         Sponsor:        Jeff Cai
>>
>>    1.3. Date of This Document:
>>
>>         10/29/2009
>>
>>    1.4. Name of Major Document Customer(s)/Consumer(s):
>>
>>         1.4.1. The PAC or CPT you expect to review your project:
>>
>>                 Solaris PAC
>>
>>         1.4.2. The ARC(s) you expect to review your project:
>>
>>                 LSARC
>>
>>         1.4.3. The Director/VP who is "Sponsoring" this project:
>>
>>                 Robert O'Dea
>>
>>         1.4.4. The name of your business unit:
>>
>>                 Software - OPG
>>
>>    1.5. Email Aliases:
>>             1.5.1. Responsible Manager:  harry.lu at sun.com
>>             1.5.2. Responsible Engineer: jeff.cai at sun.com
>>             1.5.3. Marketing Manager:    glynn.foster at sun.com
>>             1.5.4. Interest List:        brian.cameron at sun.com
>>                                          darren.moffat at sun.com
>>                                          wyllys.ingersoll at sun.com
>>
>> 2. Project Summary
>>    2.1. Project Description:
>>
>>    Seahorse is a GNOME application for managing SSH, PGP keys and GNOME
>>    keyrings.
>>    This update enables PGP support of Seahorse after GnuPG's integration.
>>    Thus with Seahorse a user can create and manage PGP keys.
>>
>>    Seahorse Plugins integrates with nautilus and gedit for
>>    encryption/decryption operations.
>>
>>    After GnuPG's integration, the PGP security support is also enabled in
>>    Evolution.
>>
>>    Please refer to sections below for more information about how GnuPG
>>    is used in Nautilus, gedit, and Evolution.
>>
>> 4. Technical Description:
>>
>>    As a frontend of GnuPG, all operations on PGP keys are implemented by
>>    GnuPG or GPGME.
>>
>>    After enabling PGP support in Seahorse, the following new features are
>>    added.
>>
>>    4.1 Create and Manage PGP keys
>>
>>     To create a PGP key using seahorse, the user needs to give a description
>>     of what the key is to be used for. The user needs to specify the
>>     encryption type (DSA Elgamal, RSA or DSA), the key strength (768-4096)
>>     and the passphrase for the key.
>>     The user can list or delete PGP keys. The user can also change the
>>     passphrase for them.
>>
>>     Seahorse invokes the interface functions provided by GPGME or 'gpg'
>>     command line to finish all these operations.
>>
>>     4.2 Exporting and Importing PGP Keys
>>
>>     Seahorse can import PGP keys from the clipboard or a key file the same
>>     way as SSH keys.
>>     Seahorse allows users to specify a PGP key file. Then Seahorse invokes
>>     APIs provided by GPGME to import the key.
>>
>>     Users can also export PGP private or public keys to files.
>>
>>     4.3 Signing the key
>>
>>     Seahorse allows a user to sign a public PGP key with a private PGP key.
>>     It also provides UI to allow the user to revoke it.
>>
>>     4.4 Retrieve PGP public keys from servers or publish them to servers
>>
>>     Keeps the user's and others' keys up to date by syncing keys periodically
>>     with remote key servers. Syncing will make sure that the user has the
>>     latest signatures made on all of the keys so that the web of trust
>>     will be the most useful.
>>
>>     Seahorse provides support for HKP and LDAP key servers.
>>
>>     HKP Servers
>>        HKP keyservers are ordinary web based keyservers such as the popular
>>        hkp://pgp.mit.edu:11371, also accessible at http://pgp.mit.edu.
>>        Seahorse uses libsoup to access HKP servers.
>>
>>     LDAP Keyservers
>>        LDAP keyservers are less common, but use the standard LDAP protocol
>>        to serve keys. ldap://keyserver.pgp.com is a good LDAP server.
>>        Seahorse uses sunldap to access LDAP servers.
>>
>>     4.5 Seahorse plugin for gedit
>>
>>     This plugin adds three menu items in the gedit's 'Edit' menu:
>>     Sign, Decrypt/Verify and Encrypt.
>>
>>     These menu options allow the user to sign/verify or encrypt/decrypt the
>>     selected text.
>>
>>     As a client of seahorse-daemon, it calls DBus interfaces provided in
>>     seahorse-daemon to finish all operations.
>>
>>     4.6 Seahorse plugin for Nautilus
>>
>>     This plugin enables the user to sign/verify or encrypt/decrypt
>>     files in Nautilus.
>>
>>     After a file is signed or encrypted in Nautilus, a file with the same
>>     name but with a pgp or sig extension will be created.
>>     The user can also verify/decrypt the file in Nautilus.
>>
>>     Nautilus calls a command line helper program 'seahorse-tool' which uses
>>     GPGME to finish the encryption operations.
>>
>>     4.7 Encryption settings
>>
>>     The user can use seahorse-preferences to configure some settings which
>>     include:
>>
>>     * Default Key
>>
>>       This is the key that will be used by applications and plugins to sign
>>       files. It will also be the key that files will be encrypted to if
>>       encrypt to self is selected.
>>
>>       The default key id is saved in gconf
>>       ~/.gconf/desktop/pgp/default_key
>>
>>     * When encrypting, always include myself as a recipient
>>
>>       If the user does not select this checkbox, then the user is not included
>>       as a recipient, he will not be able to decrypt any files he encrypts.
>>
>>       Sometimes the file will be encrypted using the other person's public key,
>>       then the file may be shared with that person in many ways such as email,
>>       a website, USB drive or IM messenger. If the sender just wants to send
>>       an encrypted file and he still has the non-encrypted copy, he doesn't
>>       need to encrypt to self.
>>
>>       This setting is saved in gconf and its default value is 'true'.
>>
>>     4.8 Passphrase cache
>>
>>        seahorse-agent helps the user cache the passphrase so that the user
>>        can perform many operations that require entering the passphrase
>>        without re-entering it every time.  It takes the place of gpg-agent.
>>
>>        There are several configurations for the passphrase cache:
>>
>>           * Never remember passphrases,
>>           * Remember passphrases for ... minutes,
>>           * Always remember passphrases whenever logged in
>>           * Ask me before using a cached passphrase
>>
>>     4.9 Encryption Applet
>>
>>        Encryption Applet performs the various encryption operations using
>>        standard OpenPGP methods. It operates on both the Ctrl-C/V and the
>>        select/middle click clipboards. Simply copy the desired text using
>>        the method of the user's choice, select the encryption operation from
>>        the left click menu, follow the prompts and paste the new contents
>>        of the clipboard into your application or view them in a display
>>        window.
>>
>>     4.10 Enable PGP security for Evolution
>>
>>        With the integration of GnuPG, PGP security is enabled in Evolution.
>>        The user can sign/verify or encrypt/decrypt email messages.
>>
>>        Evolution calls 'gpg' command line to finish all the operations.
>>     
>>     4.11 Interfaces:
>>
>>          Following interfaces will be added:
>>
>>          Exported Interfaces
>>          Interface                       Classification   Comments
>>          ---------------                 --------------   ------------------
>>          SUNWseahorse-plugins            Uncommitted      Package name
>>          SUNWseahorse-plugins-root       Uncommitted      Package name
>>
>>          ~/.gconf/desktop/pgp            Volatile         Config file for
>>                                                           seahorse-preferences.
>>
>>          /usr/bin/seahorse-agent         Volatile         seahorse GPG agent for
>>                                                           caching PGP passphrase.
>>
>>          /usr/bin/seahorse-preferences   Volatile         preferences for configuring
>>                                                           encryption and passphrases
>>                                                           cache.
>>
>>          /usr/bin/seahorse-tool          Volatile         a helper program that will
>>                                                           encrypt/decrypt or
>>                                                           sign/verify a file
>>
>>          /usr/lib/bonobo/servers/
>>            GNOME_SeahorseApplet.server   Volatile         the bonobo file for
>>                                                           seahorse applet
>>
>>          /usr/lib/gedit-2/plugins/ligseahorse-pgp.so
>>                                          Volatile         seahorse plugin library
>>                                                           for gedit
>>
>>          /usr/lib/gedit-2/plugins/seahorse-pgp.gedit-plugin
>>                                          Volatile         seahorse plugin description
>>                                                           file for gedit
>>
>>          /usr/lib/nautilus/extensions-2.0/
>>            libnautilus-seahorse.so       Volatile         the library file of seahorse
>>                                                           plugin for Nautilus
>>
>>          /usr/lib/seahorse/seahorse-applet
>>                                          Volatile         seahorse applet
>>
>>          /usr/share/applications/seahorse-pgp-encrypted.desktop
>>                                          Volatile         desktop file for mime type
>>                                                           'application/pgp-encrypted'
>>
>>          /usr/share/applications/seahorse-pgp-keys.desktop
>>                                          Volatile         desktop file for mime type
>>                                                           'application/pgp-keys'
>>
>>          /usr/share/applications/seahorse-pgp-prepferences.desktop
>>                                          Volatile         desktop file for
>>                                                           seahorse-preferences
>>
>>          /usr/share/applications/seahorse-pgp-signature.desktop
>>                                          Volatile         desktop file for mime type
>>                                                           'application/pgp-signature'
>>
>>          /usr/share/doc/SUNWseahorse-plugins/*
>>                                          Volatile         doc files for seahorse
>>                                                           plugins
>>
>>          /usr/share/man/man1/seahorse-*
>>                                          Volatile         man pages
>>
>>          /usr/share/mime/packages/seahorse.xml
>>                                          Volatile         a file defines new mime
>>                                                           types
>>
>>          /usr/share/seahorse-plugins/glade/*
>>                                          Project Private  glade files
>>
>>          /etc/gconf/schemas/seahorse-gedit.schemas
>>                                          Volatile         seahorse plugin schema file
>>                                                           for gedit
>>
>>          /etc/gconf/schemas/seahorse-plugins.schemas
>>                                          Volatile         schema file of seahorse-agent
>>                                                           and seahorse-applet
>>
>>          Imported Interfaces
>>          Interface               Classification    Comments
>>          ---------------         ---------------   -----------------------
>>          GnuPG                   Uncommitted       PSARC/2009/397
>>          GPGME                   Uncommitted       PSARC/2009/397
>>          sunldap                 Volatile          PSARC/1997/276
>>          libsoup                 Volatile          LSARC/2003/298
>>          libgpg-error            Volatile          LSARC/2008/207
>>
>>     4.12 Packaging & Delivery:
>>
>>          Two new packages are delivered.
>>
>>          SUNWseahorse-plugins
>>          SUNWseahorse-plugins-root
>>
>>     4.13 Security Impact:
>>
>>     Seahorse is just a GUI front-end for GnuPG, so all encryption related
>>     tasks are managed by GnuPG.
>>
>>     Seahorse syncs public keys with key servers using the protocols LDAP and
>>     HKP. The communication with the server is not encrypted.
>>     It is the user's responsibility to ensure the public key is valid or
>>     trusted.
>>
>>     Seahorse and Seahorse Plugins, like all GUI programs, depend on Xauth
>>     security.
>>     These tools under review do not save sensitive information to files
>>     directly. Instead, GnuPG does.
>>
>>     4.9 Dependencies:
>>
>>     Seahorse depends on GnuPG and GPGME to operate on PGP keys.
>>     Seahorse depends on sun ldap and libsoup to access key servers.
>>
>> 5. References
>>         [1] Seahorse DBus Interfaces:
>>             http://live.gnome.org/Seahorse/DBus
>>         [2] Project page:
>>             http://www.gnome.org/projects/seahorse
>> 6. Resources and Schedule
>>     6.4. Steering Committee requested information
>>        6.4.1. Consolidation C-team Name:
>>         Desktop
>>     6.5. ARC review type: FastTrack
>>     6.6. ARC Exposure: open
>>
>>
>> 6. Resources and Schedule
>>     6.4. Steering Committee requested information
>>        6.4.1. Consolidation C-team Name:
>>         OSD
>>     6.5. ARC review type: FastTrack
>>     6.6. ARC Exposure: open
>>
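
Added example, not part of the original thread or of Seahorse's code: section 4.13 of the case says key server traffic over HKP and LDAP is unencrypted and that key validity is left to the user, so this sketch recomputes the OpenPGP v4 fingerprint of a fetched key and compares it with one obtained out of band. It assumes binary (de-armored) key data; the function names and the sample packet are constructed for illustration.

```python
import hashlib
import struct

def first_public_key_body(data: bytes) -> bytes:
    """Return the body of the first Public-Key packet (tag 6) in binary OpenPGP data."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                                  # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled")
        else:                                           # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if size == 8:
                raise ValueError("indeterminate lengths are not handled")
            length, i = int.from_bytes(data[i:i + size], "big"), i + size
        if i + length > len(data):
            raise ValueError("truncated packet")
        if tag == 6:
            return data[i:i + length]
        i += length
    raise ValueError("no public-key packet found")

def v4_fingerprint(data: bytes) -> str:
    """SHA-1 over 0x99, two-octet body length, body (RFC 4880, section 12.2)."""
    body = first_public_key_body(data)
    if body[:1] != b"\x04":
        raise ValueError("only version 4 keys are handled")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_matches(data: bytes, expected_fingerprint: str) -> bool:
    """Compare against a fingerprint obtained out of band; spaces and case are ignored."""
    return v4_fingerprint(data) == "".join(expected_fingerprint.split()).upper()

def _mpi(n: int) -> bytes:
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

# Constructed sample, not a real key: v4 RSA public-key packet with a toy modulus.
_BODY = b"\x04" + struct.pack(">I", 1257120000) + b"\x01" + _mpi(0xC0FFEE1234567891) + _mpi(65537)
SAMPLE_KEY = b"\x99" + struct.pack(">H", len(_BODY)) + _BODY
```

A key whose fingerprint does not match the out-of-band value should not be imported or signed, whichever server delivered it.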
