sspitzer@mozilla.org, mscott@netscape.com, ducarroz@netscape.com
goal: how to extend mozilla mail & news (specifically the UI, mime
and compose) to allow for PGP, S/MIME, etc.
see bug #22687 for some
context.
Sending
core: UI hooks for "apply transformation to this message". examples:
"sign this message", "encrypt this message"
core: pipelining of converters. why? a message can be signed and
encrypted
core: expressing and retrieving converters. X-MOZILLA-CONVERTERS header.
comma separated list of converter prog-ids
converters. just like html->text converters, we need to support rfc/822 -> "type" converters.
the implementor of the converter will do the work
example: the "sign message" converter will take rfc/822 message and
convert it to an S/MIME message with a new part, the signed part.
they could also append headers and footers to the body, if they wanted.
(PGP needs this?)
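The converter pipeline and X-MOZILLA-CONVERTERS lookup described above, sketched in JavaScript as an added example (not Mozilla code and not part of these notes). The prog-ids, the registry and the wrapping converters are hypothetical, and dropping the header before conversion is an assumption.

```javascript
// Added illustration, not Mozilla code. The prog-ids and converter bodies are
// hypothetical stand-ins that only wrap the text so the ordering is visible.
const registry = new Map([
  ["example.converter.encrypt", (msg) => `[encrypted ${msg}]`],
  ["example.converter.sign", (msg) => `[signed ${msg}]`],
]);

const CONVERTERS_HEADER = /^x-mozilla-converters:/i;

// Split a stored message into header lines and body at the first blank line.
function splitMessage(raw) {
  const idx = raw.indexOf("\r\n\r\n");
  if (idx < 0) throw new Error("no header/body separator");
  return { headers: raw.slice(0, idx).split("\r\n"), body: raw.slice(idx + 4) };
}

// Prog-ids from X-MOZILLA-CONVERTERS, in order (assumes an unfolded header).
function converterIds(headers) {
  const line = headers.find((h) => CONVERTERS_HEADER.test(h));
  if (!line) return [];
  return line.slice(line.indexOf(":") + 1).split(",")
    .map((id) => id.trim()).filter(Boolean);
}

// Run the pipeline at send time. Every prog-id is resolved before any
// converter runs, so an unknown id aborts the send instead of letting a
// message that asked for encryption leave partly transformed or in the clear.
function applyOnSend(raw) {
  const { headers, body } = splitMessage(raw);
  const steps = converterIds(headers).map((id) => {
    const convert = registry.get(id);
    if (!convert) throw new Error(`unknown converter: ${id}`);
    return convert;
  });
  // Assumption: the bookkeeping header is dropped before conversion.
  const kept = headers.filter((h) => !CONVERTERS_HEADER.test(h));
  const plain = kept.join("\r\n") + "\r\n\r\n" + body;
  return steps.reduce((msg, convert) => convert(msg), plain);
}

// Constructed sample draft, stored in the clear with its converter list.
const DRAFT = "To: a@example.org\r\n" +
  "X-MOZILLA-CONVERTERS: example.converter.encrypt, example.converter.sign\r\n" +
  "\r\nhello";
console.log(applyOnSend(DRAFT));
```

The order of prog-ids in the header fixes the nesting: listing the encrypt converter before the sign converter yields a signed wrapper around the encrypted message.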
open issues:
1) apply transformations on send. drafts and unsent messages are stored "in the clear". on actual send, we look at the X-MOZILLA-CONVERTERS header and do the transformation. Is this what 4.x did?
Eran Tromer <eran@tromer.org> writes: "The transformation may require user interaction, e.g., password entry for signing. When messages are queued for later sending ("Unsent Messages"), this interaction should occur when queuing. Delaying this interaction to actual sending is inconvenient and also poses security risks (unsent messages may be modified and then signed without re-inspection)."
I need to see what existing clients (like 4.x) do in this case.
2) what if the converter needs to do a blocking task, like get a cert from a server? does the converter run on the UI thread? (ask mscott)
Receiving
core: UI hooks for "state" of the message. "signed". "encrypted". access
to the lock icon?
top level: stream converters. S/MIME -> rfc/822
for parts, need mime content handler for types. see vcard handler
open issues:
1) forwarding an encrypted message?
2) standards for content type S/MIME. PGP. GPG. OpenPGP.
3) Eudora and Outlook, etc. what do we need to do to support reading
encrypted messages from other clients?
[signed [encrypted [rfc/822]]]