A couple of days ago I posted a request for an estimation of the
effort needed to implement MOSS (MIME security), given a working
PEM implementation as a starting point. A related question was:
Is anyone implementing / planning to implement public domain
MOSS code?
TIS has a working MOSS implementation, currently available for anonymous
FTP to US and Canadian sites. Sorry folks, we just have no control over
export restrictions. Software Version 7.0 is still called TIS/PEM and
is available from ftp.tis.com; retrieve the file /pub/PEM/README.
We have Version 7.1 which is called TIS/MOSS, to match the name change
in the specification. It is in beta test right now and will be
available on the ftp server in time measured in weeks.
How long it takes to implement depends a great deal on the
implementation you're starting with. It tooks us about 4 person months
to move from our "pure" PEM implementation to an alpha MOSS
implementation. I suspect that's a good outside estimate of the effort.
Most of our time was spent removing code and rewriting our database to
be ASCII file based. This does not include the time it took to get MH
to understand multipart/signed and multipart/encrypted.
In fact, we've eliminated the dependence on any application in our
Version 7.1, which includes generic scripts that make our "toolkit"
software suitable for use by most (if not all) UNIX applications that
support a "shell escape". During origination, it will take a MIME
object as input (text is a special case for which we'll create the MIME
object for you) and produce a MIME object as output (the
multipart/signed and multipart/encrypted, as appropriate). During
delivery, it will a MIME object as input and, if the outermost layer is
a multipart/signed or multipart/encrypted, it will remove one layer
outputting the nested MIME object.
Jim