enhanced XML Format for events (fixing recurrances and allow forprivate events)

Martin Konold martin.konold at erfrakon.de
Tue Aug 15 20:53:31 CEST 2006

Am Dienstag, 15. August 2006 14:59 schrieb Joon Radley:

Hi Joon,

> > With the new enhanced format is can be more easily implemented.

> I have no problem with the introduced encryption format for privacy, my
> issue is with the key management. 

The basic idea is to introduce key management step by step.

0. create the X509 certificate using an undefined tool like openssl or windows 
tools. Mark this certificate exportable!

1. store the key in the desktop certificate store. IIRC such a certificate 
store is part of every windows installation. Optionally you may choose to use 
your own store (e.g. the filesystem). Using the windows OS certificate store 
will have the advantage that stuff like smart cards will work out of the box 
while using your own store will more easily allow to share the certificate 
with everyone having access to the cert. For access control Windows ACLs are 
well suited then.

2. I propose to initially use the x509 certificate for encryption/decryption 
only. The cert is initially only in the certificate store and it is initially 
only used for de-/encrypting private Kolab objects. The private object uses 
the key id to uniquely define which key is required for decryption. 
Potentially the eventlist might contain multiple copies of the data encrypted 
with different keys.

3. If the Kolab user wants to use several different clients to access his 
private data it is initially the duty of the user to export/import the 
certificate manually and to transfer it by suitable means.

IMHO such a simple key management will already help many people. The most 
paranoid want to use smartcards etc. while the others might feel comfortable 
using a server and its ACLs to store the certificates securely. As to which 
server storage solutions are supported I am open for discussion.

a) use a fileserver with ACLs
b) use https + ACLs on the Kolab server
c) use imaps + ACLs on the Kolab server
d) use ldaps + ACLs on the Kolab server
d) use smartcards

> Another fun issue will be to write an update utility for existing data
> stores and in my case it is not only for Kolab.

Please elaborate the issue as I fail to understand the problem.

> > > > > 4. recurrances
> What do you want to do with this event-list tag, extend recurrence or
> create a single object to multiple object mapping?
> Please ignore the other issues just concentrate on one issue at a time.
> Lets evaluate the proposal from a recurrence view point.

With the eventlist tag I want to provide a wrapper in order to be 
syntactically able to store multiple event(-like) data sets. These events 
then describe the exceptions in more detail so that we can represent 
everything which is possible with OL2K3 and possible OL12.

-- martin

Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker

More information about the format mailing list