RE: [Passwordsafe-devel] redesign
From: John B. <joh...@ps...> - 2003-04-29 06:21:44
Edward wrote:
> once this is done, it
> will be easy to split up and build native ui's for multiple platforms,
> especially with the number of people that have signed on to this project!
> for the record, i do not feel that a single cross platform ui in java or
> gtk+ or whatever is appropriate because it will create dependencies that
> password safe users will have to fulfill to install password safe. i may be
> wrong, but the self contained and straight forward install lends to the
> popularity of this application.

I definitely agree that the simple straightforward installation is appealing and worth keeping as a goal: "Installers? We Don't Need No Stinkin' Installers!" :-)

And I tend to agree on avoiding a single cross-platform "all platforms" UI.

So this suggests an architecture consisting of the single cross-platform "engine" or "core" and a very *limited* number of UI "shells." There should be as few of these distinct shell applications as possible.

BTW, the file format should be/remain binary portable: I should be able to simply copy my file of encrypted passwords between my PCs running Windows, Linux, and the BSDs, and my Macs, aging DEC alphas, Palm Vx, iPaq, PDP-8, and my Cray. :-) Without worrying about big- or little-endian, etc.

* * *

Which leads me to another issue... May I play the "devil's advocate" a bit? (I love questioning the assumptions! "Out-of-the-box thinking" often results in some cool innovations.)

Edward wrote:
> i am looking forward to seeing graham's update to an xml file format.

What does XML buy us besides file format portability? What does it cost us in return?

I am not criticizing the idea of using XML... but I *am* trying to "think critically" about it. We should enumerate the answers to both questions.

Right now, I can only see 3 advantages, and I am sure I'm missing some.

I can see several potential trouble areas, all associated with parsing, the availability of parsers, and the difficulty in preventing the XML structure from providing "out of channel" information to an attacker.

Please help me flesh this set of issues out here.

* * *

Finally, somebody mentioned setting design goals for the upcoming "bump up" of a major revision number. I just looked over the feature requests, and there's a fair amount of interest in being able to hotsync to a PDA device (pretty evenly split between platforms, too).

Have any of our mailing list "lurkers" written PDA apps? Or hotsync conduits? What are the architectural distinctives that make it easy to keep a desktop datafile in sync with the copy on the PDA?

* * *

Geez, I've raised more issues than I've solved, haven't I? :-/

(This is like the Zen master teaching the golfer... "Don't concentrate on the ball. BE the ball." Okay. As a software designer, I solve problems. "Don't concentrate on the problem. BE the problem!" Er.... that wasn't quite what I had in mind.)

regards,
-- john b