<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><BR><BR>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">----- Original Message ----<BR>From: Lex Spoon <A href="mailto:lex@lexspoon.org">lex@lexspoon.org</A><BR>
<DIV> </DIV>
<DIV>> Why did you pick SMIME rather than PGP, by the way? PGP seems to be<BR>> better established, in part because it is not just for email.<BR></DIV>
<DIV>I chose SMIME for several reasons:</DIV>
<DIV> 1) OpenPGP support has already been started by Hans Martin Mosner and I didn't want to step on his work, since I didn't understand it.</DIV>
<DIV> 2) I wanted to leverage the work we had done on ASN.1 and S/MIME uses CMS which is defined using ASN.1</DIV>
<DIV> 3) Both Mac Email and MS Outlook provide S/MIME support by default. All you need do is add a Certificate, and you are encrypting and signing. I felt S/MIME had more installed base.</DIV>
<DIV> 4) Most CAs issue Certificates in X509 format, used by SMIME</DIV>
<DIV> 4) I was bored and I needed a project.</DIV>
<DIV> </DIV>
<DIV>Would it be possible to support both S/MIME and PGP? I have defined a CertificateStore, which I persist on disk, in which I save the users private key, the user's certificates, and the recipients' Certificates for encrypting. Presumable PGP needs the same kind of info. I had read that the Certificate structure is different for PGP, so maybe that would be sufficient for differentiating between the two.</DIV>
<DIV> </DIV>
<DIV>If we added SMIME to Celeste, it would become dependent on most of the Cryptography repository (<A href="http://www.squeaksource.com/Cryptography">http://www.squeaksource.com/Cryptography</A>) - would that be ok? There would need to be some UI changes - when editing to mark an email for signing and/or encryption, and when receiving an email to display whether signed, encrypted, or both. It may make sense to have a header form and a body form, and the body form would be multipart aware. I dunno.</DIV>
<DIV> </DIV>
<DIV>Rob</DIV></DIV></DIV></div></body></html>