Taral taral at taral.net
Thu Nov 9 13:08:47 CET 2000

This is a Request For Comments:

An interesting point has been made. GPG implements a lot of
process-level security which cannot be simply put into a library
(setuid-root stuff).

Therefore I recommend that GPG be broken up into the following:

* Processing libraries
  * Algorithms
  * Format handlers
  * etc.
* Data handling layer (handles keeping data secure)
* Command line interface
* IPC interface

This way, we can provide what is needed at each point -- direct C
interface for those who just want to check signatures rapidly, IPC
interface for those who want to do more secure things, and command line
for those who use scripts (and users).

Note: The data handling layer would actually be the program driver. It
would contain "main". The IPC + cmdline interfaces could (in theory) be
dynamically loaded, although this might be a security risk.

Taral <taral at taral.net>
Please use PGP/GPG to send me mail.
"Never ascribe to malice what can as easily be put down to stupidity."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 248 bytes
Desc: not available
Url : /pipermail/attachments/20001109/ff4e139a/attachment.bin

More information about the Gnupg-devel mailing list