enhanced XML Format for events (fixing recurrances and allow forprivate events)
martin.konold at erfrakon.de
Tue Aug 15 20:53:31 CEST 2006
Am Dienstag, 15. August 2006 14:59 schrieb Joon Radley:
> > With the new enhanced format is can be more easily implemented.
> I have no problem with the introduced encryption format for privacy, my
> issue is with the key management.
The basic idea is to introduce key management step by step.
0. create the X509 certificate using an undefined tool like openssl or windows
tools. Mark this certificate exportable!
1. store the key in the desktop certificate store. IIRC such a certificate
store is part of every windows installation. Optionally you may choose to use
your own store (e.g. the filesystem). Using the windows OS certificate store
will have the advantage that stuff like smart cards will work out of the box
while using your own store will more easily allow to share the certificate
with everyone having access to the cert. For access control Windows ACLs are
well suited then.
2. I propose to initially use the x509 certificate for encryption/decryption
only. The cert is initially only in the certificate store and it is initially
only used for de-/encrypting private Kolab objects. The private object uses
the key id to uniquely define which key is required for decryption.
Potentially the eventlist might contain multiple copies of the data encrypted
with different keys.
3. If the Kolab user wants to use several different clients to access his
private data it is initially the duty of the user to export/import the
certificate manually and to transfer it by suitable means.
IMHO such a simple key management will already help many people. The most
paranoid want to use smartcards etc. while the others might feel comfortable
using a server and its ACLs to store the certificates securely. As to which
server storage solutions are supported I am open for discussion.
a) use a fileserver with ACLs
b) use https + ACLs on the Kolab server
c) use imaps + ACLs on the Kolab server
d) use ldaps + ACLs on the Kolab server
d) use smartcards
> Another fun issue will be to write an update utility for existing data
> stores and in my case it is not only for Kolab.
Please elaborate the issue as I fail to understand the problem.
> > > > > 4. recurrances
> What do you want to do with this event-list tag, extend recurrence or
> create a single object to multiple object mapping?
> Please ignore the other issues just concentrate on one issue at a time.
> Lets evaluate the proposal from a recurrence view point.
With the eventlist tag I want to provide a wrapper in order to be
syntactically able to store multiple event(-like) data sets. These events
then describe the exceptions in more detail so that we can represent
everything which is possible with OL2K3 and possible OL12.
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
More information about the format