|
Main /
Enigform-goalsOn April 28th, 2009 I got an eMail from an individual who was interested in the project, but couldn't find a good explanation on Why I was doing it, How I wanted to do it, etc. I decided this guy was completely RIGHT about that. Even though there are a number of articles and interviews that are easily googleable, a good old wiki article is definitely NOT a bad idea. So here it goes. NOTE: This is a work-in-progress article, ok? I'll remove most fun out of it once I finish it :) First of all, let me clarify that Enigform is NOT an SSL replacement. It does not even CARE about socket-level encryption. I don't even really care about encryption at all. Enigform is an HTTP-level, Request/Response oriented set of OpenPGP 'addons' to HTTP. It's NOT a 'https' replacement. I couldn't even begin to believe I would be able of REMOTELY doing something as good as SSL. My main purpose is user authentication and session management, built on top of OpenPGP-based digital signatures for HTTP requests, and payload encryption/signing for the session initiation challenge-response protocol. I will go into details of the protocol on some other wiki article sometime this century. I'm also working on a direct HTTP Authentication emulation subsystem for mod_openpgp, which will make it even easier for people to migrate to Enigform if using HTTP Authentication. Basicly, by specifying an "OpenPGPAuthorizedUsers /path/to/text/file" for a certain resource (just like Apache's HTTP Authentication parameters, but without where to get valid users from) you can have Enigform-secure-session based "http auth" emulation. |