Subject: Re: NetBSD and the Google "Summer of Code" Summary
To: Matthias Buelow <mkb@incubus.de>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: netbsd-users
Date: 10/19/2005 23:03:27
On Mar 9,  1:18pm, Matthias Buelow wrote:
} Jan Schaumann wrote:
} 
} > 	BPG, the BSD Privacy Guard, is a BSD-licensed program that
} > 	performs authentication and encryption using the OpenPGP standard
} > 	(RFC 2440).  The BPG project's goals were to produce:
} > 
} > 	* A set of libraries for signing and encrypting data, allowing the
} > 	  integration of OpenPGP features in other applications.
} 
} What is the rationale behind this? I assume you are aware of entry #4.16
} in the GnuPG FAQ, "Can't we have a gpg library?"?
} 
} While I don't know the whole argumentation against a PGP library, one
} (imho) strong argument is that a library would load the decrypted secret
} key into any random application's memory that uses pgp functionality
} (like a mail reader), while with a separate pgp/gpg binary, it will
} reside only in the address space of the pgp/gpg program, which has been
} designed (and carefully checked/hardened) for this situation.

     The bottom line is that any application can include its own code
to do this stuff, either by lifting code from GPG or rolling their own
from scratch.  If the user gives the application the pass phrase to
decrypt their secret key, then anything could happen.  Providing a
library that is carefully designed, tested, and audited, makes it far
more likely that it will be done correctly.  Not providing a library
does not stop random applications from doing it themselves and thus doesn't
really accomplish anything.  This is yet another example of "security
through obscurity" which simply does not work.

}-- End of excerpt from Matthias Buelow
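The design point the two messages argue over, a secret key living only in a separate program's address space versus inside a library linked into a mail reader, can be shown concretely. The following is an added illustration, not code from the thread or from BPG or GnuPG: a toy "key agent" that runs as a separate interpreter process and answers sign and verify requests over a pipe, so the calling application only ever holds a pipe handle and the resulting signatures. Stand-ins are labelled as assumptions in the code: HMAC-SHA256 takes the place of OpenPGP signing, PBKDF2 over the pass phrase takes the place of decrypting a stored OpenPGP secret key, and the salt, pass phrase and message are constructed. As Nemeth notes, the pass phrase still has to be handed over by the user, so the agent pattern protects the decrypted key, not the pass phrase the caller typed.

```python
"""Toy key agent: the decrypted secret key exists only in a child process.

Assumptions (not from the thread): HMAC-SHA256 stands in for OpenPGP
signing, PBKDF2 over the pass phrase stands in for decrypting the stored
secret key, and all salts/messages below are constructed sample values.
"""
import json
import subprocess
import sys

# Source of the agent. It is started through the interpreter binary, so it
# has its own address space rather than a fork-inherited copy of the caller.
AGENT_SOURCE = r'''
import hashlib, hmac, json, sys
secret_key = None  # only ever set inside this process
for line in sys.stdin:
    req = json.loads(line)
    op = req.get("op")
    if op == "unlock":
        # Stand-in for decrypting the secret key with the pass phrase.
        secret_key = hashlib.pbkdf2_hmac(
            "sha256", req["passphrase"].encode(), b"constructed-salt", 100_000)
        resp = {"ok": True}
    elif op == "sign" and secret_key is not None:
        tag = hmac.new(secret_key, bytes.fromhex(req["data"]), "sha256").hexdigest()
        resp = {"ok": True, "sig": tag}
    elif op == "verify" and secret_key is not None:
        expected = hmac.new(secret_key, bytes.fromhex(req["data"]), "sha256").hexdigest()
        resp = {"ok": True, "valid": hmac.compare_digest(expected, req["sig"])}
    elif op == "dump":
        # The boundary the thread describes: key material is never exported.
        resp = {"ok": False, "error": "key material is not exported"}
    else:
        resp = {"ok": False, "error": "agent locked or unknown operation"}
    sys.stdout.write(json.dumps(resp) + "\n")
    sys.stdout.flush()
'''


class KeyAgent:
    """Caller-side handle (the 'mail reader'). Holds a pipe, never the key."""

    def __init__(self):
        self.proc = subprocess.Popen(
            [sys.executable, "-c", AGENT_SOURCE],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)

    def _call(self, **req):
        self.proc.stdin.write(json.dumps(req) + "\n")
        self.proc.stdin.flush()
        return json.loads(self.proc.stdout.readline())

    def unlock(self, passphrase: str) -> bool:
        # The pass phrase crosses the pipe once; only the agent derives the key.
        return self._call(op="unlock", passphrase=passphrase)["ok"]

    def sign(self, data: bytes) -> str:
        resp = self._call(op="sign", data=data.hex())
        if not resp["ok"]:
            raise RuntimeError(resp["error"])
        return resp["sig"]

    def verify(self, data: bytes, sig: str) -> bool:
        resp = self._call(op="verify", data=data.hex(), sig=sig)
        if not resp["ok"]:
            raise RuntimeError(resp["error"])
        return resp["valid"]

    def export_key(self) -> dict:
        """Shows the boundary: the agent refuses to hand over key material."""
        return self._call(op="dump")

    def close(self):
        self.proc.stdin.close()
        self.proc.wait()


def demo() -> dict:
    """Unlock, sign, verify, tamper, and try to pull the key out."""
    agent = KeyAgent()
    try:
        agent.unlock("constructed pass phrase")
        msg = b"constructed message body"
        sig = agent.sign(msg)
        return {
            "valid": agent.verify(msg, sig),
            "tampered": agent.verify(msg + b"!", sig),
            "export_allowed": agent.export_key()["ok"],
        }
    finally:
        agent.close()


if __name__ == "__main__":
    print(demo())
```

The caller can crash, be exploited, or be badly written and still never have had the derived key in its own memory; a signing request is the most it can make. The same pipe protocol is what an in-process library would replace with a function call, which is exactly the trade-off Buelow raises and Nemeth answers: a library makes the call easier to get right, the separate process keeps the key out of the caller.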