On Tue, 2009-11-03 at 08:22 -0800, John Fischer wrote:
> Jeff,
>
> According to the sunldap case that you cite the LDAP
> interface was declared Evolving. This translates into
> either Uncommitted or Committed depending. Since this
> was reviewed by PSARC it is most likely Committed but
> check with someone from the Sun LDAP team.
>
> After that you have my +1.

John,

I'll update the interface to 'Committed'.

Thanks
Jeff

>
> Thanks,
>
> John
>
>
> Qing-Ming Jeff Cai wrote:
> > Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
> > This information is Copyright 2009 Sun Microsystems
> > 1. Introduction
> >     1.1. Project/Component Working Name:
> >          Seahorse Update and Seahorse Plugins
> >     1.2. Name of Document Author/Supplier:
> >          Author:  Jeff Cai
> >     1.3  Date of This Document:
> >          02 November, 2009
> > 4. Technical Description
> > This information is Copyright 2008 Sun Microsystems
> > 1. Introduction
> >     1.1. Project/Component Working Name:
> >          Seahorse Update and Seahorse Plugins for OpenSolaris
> >     1.2. Name of Document Author/Supplier:
> >          Author:  Jeff Cai
> >     1.3  Date of This Document:
> >          21 October, 2009
> > 4. Technical Description
> > 1. Introduction
> >     1.1. Project/Component Working Name:
> >
> >          Seahorse Update and Seahorse Plugins
> >
> >     1.2. Name of Document Author/Supplier:
> >
> >          Author:  Jeff Cai
> >          Sponsor: Jeff Cai
> >
> >     1.3. Date of This Document:
> >
> >          10/29/2009
> >
> >     1.4. Name of Major Document Customer(s)/Consumer(s):
> >
> >          1.4.1. The PAC or CPT you expect to review your project:
> >
> >                 Solaris PAC
> >
> >          1.4.2. The ARC(s) you expect to review your project:
> >
> >                 LSARC
> >
> >          1.4.3. The Director/VP who is "Sponsoring" this project:
> >
> >                 Robert O'Dea
> >
> >          1.4.4. The name of your business unit:
> >
> >                 Software - OPG
> >
> >     1.5. Email Aliases:
> >          1.5.1. Responsible Manager: harry.lu at sun.com
> >          1.5.2. Responsible Engineer: jeff.cai at sun.com
> >          1.5.3. Marketing Manager: glynn.foster at sun.com
> >          1.5.4. Interest List: brian.cameron at sun.com
> >                                darren.moffat at sun.com
> >                                wyllys.ingersoll at sun.com
> >
> > 2. Project Summary
> >     2.1. Project Description:
> >
> >          Seahorse is a GNOME application for managing SSH, PGP keys and
> >          GNOME keyrings.
> >
> >          This update enables PGP support of Seahorse after GnuPG's
> >          integration. Thus with Seahorse a user can create and manage
> >          PGP keys.
> >
> >          Seahorse Plugins integrates with nautilus and gedit for
> >          encryption/decryption operations.
> >
> >          After GnuPG's integration, the PGP security support is also
> >          enabled in Evolution.
> >
> >          Please refer to the sections below for more information about
> >          how GnuPG is used in Nautilus, gedit, and Evolution.
> >
> > 4. Technical Description:
> >
> >     As a front-end of GnuPG, all operations on PGP keys are implemented
> >     by GnuPG or GPGME.
> >
> >     After enabling PGP support in Seahorse, the following new features
> >     are added.
> >
> >     4.1 Create and Manage PGP keys
> >
> >     To create a PGP key using seahorse, the user needs to give a
> >     description of what the key is to be used for. The user needs to
> >     specify the encryption type (DSA Elgamal, RSA or DSA), the key
> >     strength (768-4096) and the passphrase for the key.
> >
> >     The user can list or delete PGP keys. The user can also change the
> >     passphrase for them.
> >
> >     Seahorse invokes the interface functions provided by GPGME or the
> >     'gpg' command line to finish all these operations.
> >
> >     4.2 Exporting and Importing PGP Keys
> >
> >     Seahorse can import PGP keys from the clipboard or a key file the
> >     same way as SSH keys.
> >
> >     Seahorse allows users to specify a PGP key file. Then Seahorse
> >     invokes APIs provided by GPGME to import the key.
> >
> >     Users can also export PGP private or public keys to files.
> >
> >     4.3 Signing the key
> >
> >     Seahorse allows a user to sign a public PGP key with a private PGP
> >     key. It also provides UI to allow the user to revoke it.
> >
> >     4.4 Retrieve PGP public keys from servers or publish them to servers
> >
> >     Keeps the user's and others' keys up to date by syncing keys
> >     periodically with remote key servers. Syncing will make sure that
> >     the user has the latest signatures made on all of the keys so that
> >     the web of trust will be the most useful.
> >
> >     Seahorse provides support for HKP and LDAP key servers.
> >
> >     HKP Servers
> >     HKP keyservers are ordinary web based keyservers such as the popular
> >     hkp://pgp.mit.edu:11371, also accessible at http://pgp.mit.edu.
> >     Seahorse uses libsoup to access HKP servers.
> >
> >     LDAP Keyservers
> >     LDAP keyservers are less common, but use the standard LDAP protocol
> >     to serve keys. ldap://keyserver.pgp.com is a good LDAP server.
> >     Seahorse uses sunldap to access LDAP servers.
> >
> >     4.5 Seahorse plugin for gedit
> >
> >     This plugin adds three menu items to gedit's 'Edit' menu:
> >     Sign, Decrypt/Verify and Encrypt.
> >
> >     These menu options allow the user to sign/verify or encrypt/decrypt
> >     the selected text.
> >
> >     As a client of seahorse-daemon, it calls DBus interfaces provided by
> >     seahorse-daemon to finish all operations.
> >
> >     4.6 Seahorse plugin for Nautilus
> >
> >     This plugin enables the user to sign/verify or encrypt/decrypt
> >     files in Nautilus.
> >
> >     After a file is signed or encrypted in Nautilus, a file with the
> >     same name but with a pgp or sig extension will be created.
> >
> >     The user can also verify/decrypt the file in Nautilus.
> >
> >     Nautilus calls a command line helper program 'seahorse-tool' which
> >     uses GPGME to finish the encryption operations.
> >
> >     4.7 Encryption settings
> >
> >     The user can use seahorse-preferences to configure some settings
> >     which include:
> >
> >     * Default Key
> >
> >     This is the key that will be used by applications and plugins to
> >     sign files. It will also be the key that files will be encrypted to
> >     if encrypt to self is selected.
> >
> >     The default key id is saved in gconf
> >     ~/.gconf/desktop/pgp/default_key
> >
> >     * When encrypting, always include myself as a recipient
> >
> >     If the user does not select this checkbox, then the user is not
> >     included as a recipient and will not be able to decrypt any files
> >     he encrypts.
> >
> >     Sometimes the file will be encrypted using the other person's public
> >     key; then the file may be shared with that person in many ways such
> >     as email, a website, USB drive or IM messenger. If the sender just
> >     wants to send an encrypted file and he still has the non-encrypted
> >     copy, he doesn't need to encrypt to self.
> >
> >     This setting is saved in gconf and its default value is 'true'.
> >
> >     4.8 Passphrase cache
> >
> >     seahorse-agent helps the user cache the passphrase so that the user
> >     can perform many operations that require entering the passphrase
> >     without re-entering it every time. It takes the place of gpg-agent.
> >
> >     There are several configurations for the passphrase cache:
> >
> >     * Never remember passphrases,
> >     * Remember passphrases for ... minutes,
> >     * Always remember passphrases whenever logged in
> >     * Ask me before using a cached passphrase
> >
> >     4.9 Encryption Applet
> >
> >     Encryption Applet performs the various encryption operations using
> >     standard OpenPGP methods. It operates on both the Ctrl-C/V and the
> >     select/middle click clipboards. Simply copy the desired text using
> >     the method of the user's choice, select the encryption operation
> >     from the left click menu, follow the prompts and paste the new
> >     contents of the clipboard into your application or view them in a
> >     display window.
> >
> >     4.10 Enable PGP security for Evolution
> >
> >     With the integration of GnuPG, PGP security is enabled in Evolution.
> >     The user can sign/verify or encrypt/decrypt email messages.
> >
> >     Evolution calls the 'gpg' command line to finish all the operations.
> >
> >     4.11 Interfaces:
> >
> >     The following interfaces will be added:
> >
> >     Exported Interfaces
> >     Interface                       Classification   Comments
> >     ---------------                 --------------   ------------------
> >     SUNWseahorse-plugins            Uncommitted      Package name
> >     SUNWseahorse-plugins-root       Uncommitted      Package name
> >
> >     ~/.gconf/desktop/pgp            Volatile         Config file for
> >                                                      seahorse-preferences.
> >
> >     /usr/bin/seahorse-agent         Volatile         seahorse GPG agent for
> >                                                      caching PGP passphrase.
> >
> >     /usr/bin/seahorse-preferences   Volatile         preferences for
> >                                                      configuring encryption
> >                                                      and passphrases cache.
> >
> >     /usr/bin/seahorse-tool          Volatile         a helper program that
> >                                                      will encrypt/decrypt or
> >                                                      sign/verify a file
> >
> >     /usr/lib/bonobo/servers/GNOME_SeahorseApplet.server
> >                                     Volatile         the bonobo file for
> >                                                      seahorse applet
> >
> >     /usr/lib/gedit-2/plugins/ligseahorse-pgp.so
> >                                     Volatile         seahorse plugin library
> >                                                      for gedit
> >
> >     /usr/lib/gedit-2/plugins/seahorse-pgp.gedit-plugin
> >                                     Volatile         seahorse plugin
> >                                                      description file for
> >                                                      gedit
> >
> >     /usr/lib/nautilus/extensions-2.0/libnautilus-seahorse.so
> >                                     Volatile         the library file of the
> >                                                      seahorse plugin for
> >                                                      Nautilus
> >
> >     /usr/lib/seahorse/seahorse-applet
> >                                     Volatile         seahorse applet
> >
> >     /usr/share/applications/seahorse-pgp-encrypted.desktop
> >                                     Volatile         desktop file for mime
> >                                                      type
> >                                                      'application/pgp-encrypted'
> >
> >     /usr/share/applications/seahorse-pgp-keys.desktop
> >                                     Volatile         desktop file for mime
> >                                                      type
> >                                                      'application/pgp-keys'
> >
> >     /usr/share/applications/seahorse-pgp-prepferences.desktop
> >                                     Volatile         desktop file for
> >                                                      seahorse-preferences
> >
> >     /usr/share/applications/seahorse-pgp-signature.desktop
> >                                     Volatile         desktop file for mime
> >                                                      type
> >                                                      'application/pgp-signature'
> >
> >     /usr/share/doc/SUNWseahorse-plugins/*
> >                                     Volatile         doc files for seahorse
> >                                                      plugins
> >
> >     /usr/share/man/man1/seahorse-*
> >                                     Volatile         man pages
> >
> >     /usr/share/mime/packages/seahorse.xml
> >                                     Volatile         a file that defines new
> >                                                      mime types
> >
> >     /usr/share/seahorse-plugins/glade/*
> >                                     Project Private  glade files
> >
> >     /etc/gconf/schemas/seahorse-gedit.schemas
> >                                     Volatile         seahorse plugin schema
> >                                                      file for gedit
> >
> >     /etc/gconf/schemas/seahorse-plugins.schemas
> >                                     Volatile         schema file of
> >                                                      seahorse-agent and
> >                                                      seahorse-applet
> >
> >     Imported Interfaces
> >     Interface                       Classification   Comments
> >     ---------------                 ---------------  -----------------------
> >     GnuPG                           Uncommitted      PSARC/2009/397
> >     GPGME                           Uncommitted      PSARC/2009/397
> >     sunldap                         Volatile         PSARC/1997/276
> >     libsoup                         Volatile         LSARC/2003/298
> >     libgpg-error                    Volatile         LSARC/2008/207
> >
> >     4.12 Packaging & Delivery:
> >
> >     Two new packages are delivered.
> >     SUNWseahorse-plugins
> >     SUNWseahorse-plugins-root
> >
> >     4.13 Security Impact:
> >
> >     Seahorse is just a GUI front-end to GnuPG, so all encryption related
> >     tasks are managed by GnuPG.
> >
> >     Seahorse syncs public keys with key servers using the protocols LDAP
> >     and HKP. The communication with the server is not encrypted.
> >     It is the user's responsibility to ensure the public key is valid or
> >     trusted.
> >
> >     Seahorse and Seahorse Plugins, like all GUI programs, depend on Xauth
> >     security.
> >
> >     These tools under review do not save sensitive information to files
> >     directly. Instead, GnuPG does.
> >
> >     4.9 Dependencies:
> >
> >     Seahorse depends on GnuPG and GPGME to operate on PGP keys.
> >     Seahorse depends on sun ldap and libsoup to access key servers.
> >
> > 5. References
> >     [1] Seahorse DBus Interfaces:
> >         http://live.gnome.org/Seahorse/DBus
> >     [2] Project page:
> >         http://www.gnome.org/projects/seahorse
> >
> > 6. Resources and Schedule
> >     6.4. Steering Committee requested information
> >          6.4.1. Consolidation C-team Name:
> >                 Desktop
> >     6.5. ARC review type: FastTrack
> >     6.6. ARC Exposure: open
> >
> >
> > 6. Resources and Schedule
> >     6.4. Steering Committee requested information
> >          6.4.1. Consolidation C-team Name:
> >                 OSD
> >     6.5. ARC review type: FastTrack
> >     6.6. ARC Exposure: open
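The key-server sync in 4.4 and the note in 4.13 that HKP and LDAP traffic is not encrypted leave it to the client to decide which of the returned keys to trust. The following is an added example, not code from the case or from Seahorse: a Python parser for the machine-readable HKP index format (the colon-separated `info:`/`pub:`/`uid:` records returned for `op=index&options=mr` in the HKP draft), which accepts a key only when its full fingerprint equals one pinned out of band and the server has not flagged it as revoked, disabled or expired. The server response, the user IDs and the pinned fingerprint are constructed for the example, as is the `now` timestamp.

```python
"""Parse a machine-readable HKP index and accept only a pinned key.

Added example (not from the ARC case or from Seahorse). The record layout is
the one in draft-shaw-openpgp-hkp: colon-separated "info", "pub" and "uid"
records. The sample response and the pinned fingerprint are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import unquote

# Public-key algorithm IDs from RFC 4880, section 9.1 (display only).
ALGO_NAMES = {1: "RSA", 16: "Elgamal", 17: "DSA"}

HEX_DIGITS = set("0123456789ABCDEF")


@dataclass
class HkpKey:
    fingerprint: str            # upper-case hex as sent in the pub record
    algo: int                   # RFC 4880 public-key algorithm ID
    keylen: int                 # key size in bits
    created: int                # seconds since the epoch
    expires: Optional[int]      # None when the server leaves the field empty
    flags: str                  # any of r (revoked), d (disabled), e (expired)
    uids: List[str] = field(default_factory=list)


def parse_hkp_index(text: str) -> List[HkpKey]:
    """Turn an op=index&options=mr response into HkpKey records.

      info:<version>:<count>
      pub:<keyid>:<algo>:<keylen>:<creationdate>:<expirationdate>:<flags>
      uid:<escaped uid>:<creationdate>:<expirationdate>:<flags>
    Unknown record types are ignored, as the draft requires.
    """
    keys: List[HkpKey] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        tag = fields[0]
        if tag == "info":
            if len(fields) < 3 or fields[1] != "1":
                raise ValueError(f"unsupported or malformed info record: {line}")
        elif tag == "pub":
            if len(fields) < 7:
                raise ValueError(f"malformed pub record: {line}")
            _, keyid, algo, keylen, created, expires, flags = fields[:7]
            keys.append(HkpKey(
                fingerprint=keyid.upper(),
                algo=int(algo),
                keylen=int(keylen),
                created=int(created),
                expires=int(expires) if expires else None,
                flags=flags,
            ))
        elif tag == "uid":
            if not keys or len(fields) < 2:
                raise ValueError(f"uid record without a preceding pub: {line}")
            # The uid is %XX-escaped so that a ':' inside it cannot split the record.
            keys[-1].uids.append(unquote(fields[1]))
    return keys


def select_pinned_key(index_text: str, pinned_fingerprint: str, now: int) -> HkpKey:
    """Return the listed key whose fingerprint equals the pinned one, or raise.

    HKP runs over plain HTTP, so the index can be rewritten in transit, and a
    search by e-mail address may return several keys with the same name. The
    pin therefore has to come from somewhere other than the server, and only a
    full 160-bit v4 fingerprint is accepted: 32-bit and 64-bit key IDs are
    cheap to collide. A server that lists only key IDs never matches, which
    fails closed.
    """
    wanted = pinned_fingerprint.replace(" ", "").upper()
    if len(wanted) != 40 or not set(wanted) <= HEX_DIGITS:
        raise ValueError("pin must be a full v4 fingerprint (40 hex digits)")
    matches = [k for k in parse_hkp_index(index_text) if k.fingerprint == wanted]
    if not matches:
        raise LookupError("pinned key is not in the server response")
    key = matches[0]
    if "r" in key.flags or "d" in key.flags:
        raise ValueError("pinned key is revoked or disabled on the server")
    if "e" in key.flags or (key.expires is not None and key.expires <= now):
        raise ValueError("pinned key has expired")
    return key


# Constructed response to a search for alice@example.org. Two keys carry the
# same user ID; only the first has the fingerprint Alice handed over in person.
SAMPLE_INDEX = """\
info:1:2
pub:1A2B3C4D5E6F708192A3B4C5D6E7F8091A2B3C4D:1:2048:1256860800::
uid:Alice Example <alice%40example.org>:1256860800::
pub:FEDCBA9876543210FEDCBA9876543210FEDCBA98:17:1024:1257000000::
uid:Alice Example <alice%40example.org>:1257000000::
"""

# Fingerprint obtained out of band (constructed), written the way gpg prints it.
PINNED_FINGERPRINT = "1A2B 3C4D 5E6F 7081 92A3  B4C5 D6E7 F809 1A2B 3C4D"


if __name__ == "__main__":
    key = select_pinned_key(SAMPLE_INDEX, PINNED_FINGERPRINT, now=1257206400)
    print(ALGO_NAMES.get(key.algo, str(key.algo)), key.keylen, key.fingerprint)
    print("uids:", key.uids)
```

The decoy key in the sample has the same user ID and a plausible algorithm and size, which is exactly what a plaintext HKP response cannot protect against; the only thing that separates it from the genuine key is a fingerprint the client already knew before it talked to the server.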