Proposal for a Desktop Neutral Crypto API

Jose Carlos Garcia Sogo jsogo at debian.org
Sat Apr 2 01:57:53 EEST 2005


El vie, 01-04-2005 a las 22:58 +0000, Nate Nielsen escribió:
> Mike Hearn wrote:
> > Hmm, why is this a "DBUS API", which forces the use of IPC instead of a
> > shared library? I don't think using a separate process for doing things
> > like encrypting text blocks is wise from a performance perspective. 

 I don't see the problem with performance. The expensive task is
encription itself, which is made by the lowest layer (gnupg for Openpgp
keys, openssl for certs). The intermediate layers task is only passing
data from one place to another (and performing itself other
non-expensive tasks)

> > 
> > I might have misunderstood the goals of this service though.
> 
> Well, here's some of the reasoning behind that. Many of the following 
> are things that can be accomplished with a shared library, but are just 
> so very much simpler when approaching it from a clean DBUS service 
> perspective.
> 
> - Caching of security sensitive information, in one or a pair of
>    processes rather than many. This process can be designed to
>    protect passphrases and the like. Things like starting the process
>    setuid root, (and then dropping all privileges) allow the implementor
>    to use non-pageable memory.
> 
> - A continuity in the encyption experience which allows notification
>    icons (let's say for cached passphrases, log output windows), and the
>    like.
> 
> - To allow the various implementors to use different toolkits and
>    libraries and to avoid implementation details and requirements
>    leaking. This allows each desktop to implement the API according to
>    their own coding style. An important factor if this is to gain
>    traction in the myriad of applications that require encryption
>    services.

  Yes, this is one of the main interesting things this proposal have.
After all you can use dbus from C, C++, perl, python... and for those
languages there are different bindings or native libraries for both GTK
and Qt, the main libraries used by desktops. But not only a desktop app
can use it. Even mutt could do, though I agree that it can be much
overhead for a console mail client.

  Thanks,

-- 
Jose Carlos Garcia Sogo
   jsogo at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada
	digitalmente
Url : http://lists.freedesktop.org/archives/xdg/attachments/20050402/6ad167db/attachment.pgp 


More information about the xdg mailing list