Subject: Re: NetBSD and the Google "Summer of Code" Summary
To: =?ISO-8859-1?Q?Nils_O=2E_Sel=E5sdal?= <noselasd@asgaard.homelinux.org>
From: matthew sporleder <msporleder@gmail.com>
List: netbsd-users
Date: 10/17/2005 13:35:44
Was this project BSD PG project even completed?

On 10/17/05, "Nils O. Sel=E5sdal" <noselasd@asgaard.homelinux.org> wrote:
> Matthias Buelow wrote:
> > Jan Schaumann wrote:
> >
> >
> >>      BPG, the BSD Privacy Guard, is a BSD-licensed program that
> >>      performs authentication and encryption using the OpenPGP standard
> >>      (RFC 2440).  The BPG project's goals were to produce:
> >>
> >>      * A set of libraries for signing and encrypting data, allowing th=
e
> >>        integration of OpenPGP features in other applications.
> >
> >
> > What is the rationale behind this? I assume you are aware of entry #4.1=
6
> > in the GnuPG FAQ, "Can't we have a gpg library?"?
> >
> > While I don't know the whole argumentation against a PGP library, one
> > (imho) strong argument is that a library would load the decrypted secre=
t
> > key into any random application's memory that uses pgp functionality
> > (like a mail reader), while with a separate pgp/gpg binary, it will
> > reside only in the address space of the pgp/gpg program, which has been
> > designed (and carefully checked/hardened) for this situation.
>
> Perhaps an idea would be to modelle it after
> http://cm.bell-labs.com/sys/doc/auth.html
> Atleast the idea is that all sensitive processing is done in the context
> of a trusted process, and you can very well have libraries interfacing th=
at.
> Or perhaps I BGP already does this ?
>