Since the time is out I closed this case as approved.

Jeff

On Thu, 2009-11-05 at 15:50 +0800, Jeff Cai wrote:
> On Tue, 2009-11-03 at 08:22 -0800, John Fischer wrote:
> > Jeff,
> >
> > According to the sunldap case that you cite the LDAP
> > interface was declared Evolving.  This translates into
> > either Uncommitted or Committed depending.  Since this
> > was reviewed by PSARC it is most likely Committed but
> > check with someone from the Sun LDAP team.
> >
> > After that you have my +1.
>
> John,
>
> I'll update the interface to 'Committed'.
>
> Thanks
>
> Jeff
>
> > Thanks,
> >
> > John
> >
> >
> > Qing-Ming Jeff Cai wrote:
> > > Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
> > > This information is Copyright 2009 Sun Microsystems
> > > 1. Introduction
> > >     1.1. Project/Component Working Name:
> > >          Seahorse Update and Seahorse Plugins
> > >     1.2. Name of Document Author/Supplier:
> > >          Author: Jeff Cai
> > >     1.3  Date of This Document:
> > >          02 November, 2009
> > > 4. Technical Description
> > > This information is Copyright 2008 Sun Microsystems
> > > 1. Introduction
> > >     1.1. Project/Component Working Name:
> > >          Seahorse Update and Seahorse Plugins for OpenSolaris
> > >     1.2. Name of Document Author/Supplier:
> > >          Author: Jeff Cai
> > >     1.3  Date of This Document:
> > >          21 October, 2009
> > > 4. Technical Description
> > > 1. Introduction
> > >    1.1. Project/Component Working Name:
> > >
> > >         Seahorse Update and Seahorse Plugins
> > >
> > >    1.2. Name of Document Author/Supplier:
> > >
> > >         Author: Jeff Cai
> > >         Sponsor: Jeff Cai
> > >
> > >    1.3. Date of This Document:
> > >
> > >         10/29/2009
> > >
> > >    1.4. Name of Major Document Customer(s)/Consumer(s):
> > >
> > >         1.4.1. The PAC or CPT you expect to review your project:
> > >
> > >                Solaris PAC
> > >
> > >         1.4.2. The ARC(s) you expect to review your project:
> > >
> > >                LSARC
> > >
> > >         1.4.3. The Director/VP who is "Sponsoring" this project:
> > >
> > >                Robert O'Dea
> > >
> > >         1.4.4. The name of your business unit:
> > >
> > >                Software - OPG
> > >
> > >    1.5. Email Aliases:
> > >         1.5.1. Responsible Manager: harry.lu at sun.com
> > >         1.5.2. Responsible Engineer: jeff.cai at sun.com
> > >         1.5.3. Marketing Manager: glynn.foster at sun.com
> > >         1.5.4. Interest List: brian.cameron at sun.com
> > >                               darren.moffat at sun.com
> > >                               wyllys.ingersoll at sun.com
> > >
> > > 2. Project Summary
> > >    2.1. Project Description:
> > >
> > >    Seahorse is a GNOME application for managing SSH, PGP keys and GNOME
> > >    keyrings.
> > >
> > >    This update enables PGP support of Seahorse after GnuPG's integration.
> > >    Thus with Seahorse a user can create and manage PGP keys.
> > >
> > >    Seahorse Plugins integrates with nautilus and gedit for
> > >    encryption/decryption operations.
> > >
> > >    After GnuPG's integration, the PGP security support is also enabled in
> > >    Evolution.
> > >
> > >    Please refer to sections below for more information about how GnuPG
> > >    is used in Nautilus, gedit, and Evolution.
> > >
> > > 4. Technical Description:
> > >
> > >    As a frontend of GnuPG, all operations on PGP keys are implemented by
> > >    GnuPG or GPGME.
> > >
> > >    After enabling PGP support in Seahorse, the following new features
> > >    are added.
> > >
> > >    4.1 Create and Manage PGP keys
> > >
> > >    To create a PGP key using seahorse, the user needs to give a
> > >    description of what the key is to be used for. The user needs to
> > >    specify the encryption type (DSA Elgamal, RSA or DSA),
> > >    the key strength (768-4096) and the passphrase for the key.
> > >
> > >    The user can list or delete PGP keys. The user can also change the
> > >    passphrase for them.
> > >
> > >    Seahorse invokes the interface functions provided by GPGME or the
> > >    'gpg' command line to finish all these operations.
> > >
> > >    4.2 Exporting and Importing PGP Keys
> > >
> > >    Seahorse can import PGP keys from the clipboard or a key file the
> > >    same way as SSH keys.
> > >
> > >    Seahorse allows users to specify a PGP key file. Then Seahorse
> > >    invokes APIs provided by GPGME to import the key.
> > >
> > >    Users can also export PGP private or public keys to files.
> > >
> > >    4.3 Signing the key
> > >
> > >    Seahorse allows a user to sign a public PGP key with a private PGP
> > >    key. It also provides UI to allow the user to revoke it.
> > >
> > >    4.4 Retrieve PGP public keys from servers or publish them to servers
> > >
> > >    Keeps the user's and others' keys up to date by syncing keys
> > >    periodically with remote key servers. Syncing will make sure that the
> > >    user has the latest signatures made on all of the keys so that the
> > >    web of trust will be the most useful.
> > >
> > >    Seahorse provides support for HKP and LDAP key servers.
> > >
> > >    HKP Servers
> > >       HKP keyservers are ordinary web based keyservers such as the
> > >       popular hkp://pgp.mit.edu:11371, also accessible at
> > >       http://pgp.mit.edu.
> > >       Seahorse uses libsoup to access HKP servers.
> > >
> > >    LDAP Keyservers
> > >       LDAP keyservers are less common, but use the standard LDAP protocol
> > >       to serve keys. ldap://keyserver.pgp.com is a good LDAP server.
> > >       Seahorse uses sunldap to access LDAP servers.
> > >
> > >    4.5 Seahorse plugin for gedit
> > >
> > >    This plugin adds three menu items in gedit's 'Edit' menu:
> > >    Sign, Decrypt/Verify and Encrypt.
> > >
> > >    These menu options allow the user to sign/verify or encrypt/decrypt
> > >    the selected text.
> > >
> > >    As a client of seahorse-daemon, it calls DBus interfaces provided in
> > >    seahorse-daemon to finish all operations.
> > >
> > >    4.6 Seahorse plugin for Nautilus
> > >
> > >    This plugin enables the user to sign/verify or encrypt/decrypt
> > >    files in Nautilus.
> > >
> > >    After a file is signed or encrypted in Nautilus, a file with the same
> > >    name but with a pgp or sig extension will be created.
> > >
> > >    The user can also verify/decrypt the file in Nautilus.
> > >
> > >    Nautilus calls a command line helper program 'seahorse-tool' which
> > >    uses GPGME to finish the encryption operations.
> > >
> > >    4.7 Encryption settings
> > >
> > >    The user can use seahorse-preferences to configure some settings which
> > >    include:
> > >
> > >    * Default Key
> > >
> > >      This is the key that will be used by applications and plugins to
> > >      sign files. It will also be the key that files will be encrypted to
> > >      if encrypt to self is selected.
> > >
> > >      The default key id is saved in gconf
> > >      ~/.gconf/desktop/pgp/default_key
> > >
> > >    * When encrypting, always include myself as a recipient
> > >
> > >      If the user does not select this checkbox, then the user is not
> > >      included as a recipient, and he will not be able to decrypt any
> > >      files he encrypts.
> > >
> > >      Sometimes the file will be encrypted using the other person's
> > >      public key, then the file may be shared with that person in many
> > >      ways such as email, a website, USB drive or IM messenger. If the
> > >      sender just wants to send an encrypted file and he still has the
> > >      non-encrypted copy, he doesn't need to encrypt to self.
> > >
> > >      This setting is saved in gconf and its default value is 'true'.
> > >
> > >    4.8 Passphrase cache
> > >
> > >    seahorse-agent helps the user cache the passphrase so that the user
> > >    can perform many operations that require entering the passphrase
> > >    without re-entering it every time. It takes the place of gpg-agent.
> > >
> > >    There are several configurations for the passphrase cache:
> > >
> > >    * Never remember passphrases,
> > >    * Remember passphrases for ... minutes,
> > >    * Always remember passphrases whenever logged in
> > >    * Ask me before using a cached passphrase
> > >
> > >    4.9 Encryption Applet
> > >
> > >    Encryption Applet performs the various encryption operations using
> > >    standard OpenPGP methods. It operates on both the Ctrl-C/V and the
> > >    select/middle click clipboards. Simply copy the desired text using
> > >    the method of the user's choice, select the encryption operation
> > >    from the left click menu, follow the prompts and paste the new
> > >    contents of the clipboard into your application or view them in a
> > >    display window.
> > >
> > >    4.10 Enable PGP security for Evolution
> > >
> > >    With the integration of GnuPG, PGP security is enabled in
> > >    Evolution.
> > >    The user can sign/verify or encrypt/decrypt email messages.
> > >
> > >    Evolution calls the 'gpg' command line to finish all the operations.
> > >
> > >    4.11 Interfaces:
> > >
> > >    The following interfaces will be added:
> > >
> > >    Exported Interfaces
> > >    Interface                                                  Classification   Comments
> > >    ---------------                                            --------------   ------------------
> > >    SUNWseahorse-plugins                                       Uncommitted      Package name
> > >    SUNWseahorse-plugins-root                                  Uncommitted      Package name
> > >    ~/.gconf/desktop/pgp                                       Volatile         Config file for seahorse-preferences.
> > >    /usr/bin/seahorse-agent                                    Volatile         seahorse GPG agent for caching PGP passphrase.
> > >    /usr/bin/seahorse-preferences                              Volatile         preferences for configuring encryption and passphrases cache.
> > >    /usr/bin/seahorse-tool                                     Volatile         a helper program that will encrypt/decrypt or sign/verify a file
> > >    /usr/lib/bonobo/servers/GNOME_SeahorseApplet.server        Volatile         the bonobo file for seahorse applet
> > >    /usr/lib/gedit-2/plugins/ligseahorse-pgp.so                Volatile         seahorse plugin library for gedit
> > >    /usr/lib/gedit-2/plugins/seahorse-pgp.gedit-plugin         Volatile         seahorse plugin description file for gedit
> > >    /usr/lib/nautilus/extensions-2.0/libnautilus-seahorse.so   Volatile         the library file of seahorse plugin for Nautilus
> > >    /usr/lib/seahorse/seahorse-applet                          Volatile         seahorse applet
> > >    /usr/share/applications/seahorse-pgp-encrypted.desktop     Volatile         desktop file for mime type 'application/pgp-encrypted'
> > >    /usr/share/applications/seahorse-pgp-keys.desktop          Volatile         desktop file for mime type 'application/pgp-keys'
> > >    /usr/share/applications/seahorse-pgp-prepferences.desktop  Volatile         desktop file for seahorse-preferences
> > >    /usr/share/applications/seahorse-pgp-signature.desktop     Volatile         desktop file for mime type 'application/pgp-signature'
> > >    /usr/share/doc/SUNWseahorse-plugins/*                      Volatile         doc files for seahorse plugins
> > >    /usr/share/man/man1/seahorse-*                             Volatile         man pages
> > >    /usr/share/mime/packages/seahorse.xml                      Volatile         a file that defines new mime types
> > >    /usr/share/seahorse-plugins/glade/*                        Project Private  glade files
> > >    /etc/gconf/schemas/seahorse-gedit.schemas                  Volatile         seahorse plugin schema file for gedit
> > >    /etc/gconf/schemas/seahorse-plugins.schemas                Volatile         schema file of seahorse-agent and seahorse-applet
> > >
> > >    Imported Interfaces
> > >    Interface        Classification   Comments
> > >    ---------------  ---------------  -----------------------
> > >    GnuPG            Uncommitted      PSARC/2009/397
> > >    GPGME            Uncommitted      PSARC/2009/397
> > >    sunldap          Volatile         PSARC/1997/276
> > >    libsoup          Volatile         LSARC/2003/298
> > >    libgpg-error     Volatile         LSARC/2008/207
> > >
> > >    4.12 Packaging & Delivery:
> > >
> > >    Two new packages are delivered.
> > >       SUNWseahorse-plugins
> > >       SUNWseahorse-plugins-root
> > >
> > >    4.13 Security Impact:
> > >
> > >    Seahorse is just a GUI front-end for GnuPG, so all encryption related
> > >    tasks are managed by GnuPG.
> > >
> > >    Seahorse syncs public keys with key servers using the protocols LDAP
> > >    and HKP. The communication with the server is not encrypted.
> > >    It is the user's responsibility to ensure the public key is valid or
> > >    trusted.
> > >
> > >    Seahorse and Seahorse Plugins, like all GUI programs, depend on
> > >    Xauth security.
> > >
> > >    These tools under review do not save sensitive information to files
> > >    directly. Instead, GnuPG does.
> > >
> > >    4.9 Dependencies:
> > >
> > >    Seahorse depends on GnuPG and GPGME to operate on PGP keys.
> > >    Seahorse depends on sun ldap and libsoup to access key servers.
> > >
> > > 5. References
> > >    [1] Seahorse DBus Interfaces:
> > >        http://live.gnome.org/Seahorse/DBus
> > >    [2] Project page:
> > >        http://www.gnome.org/projects/seahorse
> > > 6. Resources and Schedule
> > >    6.4. Steering Committee requested information
> > >         6.4.1. Consolidation C-team Name:
> > >                Desktop
> > >    6.5. ARC review type: FastTrack
> > >    6.6. ARC Exposure: open
> > >
> > >
> > > 6. Resources and Schedule
> > >    6.4. Steering Committee requested information
> > >         6.4.1. Consolidation C-team Name:
> > >                OSD
> > >    6.5. ARC review type: FastTrack
> > >    6.6. ARC Exposure: open