TODO: stuff to do for Herbrip
=============================

Last altered: 12-Nov-2001.

Future additions to Herbrip include:


(A) MINOR IMPROVEMENTS

Get the "--out" option to handle >1 destination address

Tidy up code

Improve error detection and reporting for openssl errors.
(encwrap.py)

In encwrap.py, remove temporary files that it creates, after
they are no longer needed.

Put a herbapi.py layer between the herbrip module and the
rest of the herbrip program, so that whenever the herbrip
module calls the rest, it goes through the herbapi.py layer.
This would make it easier to call herbrip from other Python
programs.


(B) USER INTERFACE

Decide what the --info option will do, and implement it.

Integrate herbrip with one or more email clients. kmail is
one candidate because: (1) I use it (2) it's the standard
KDE email program.


(C) ENHANCEMENTS TO ENCRYPTION/SECRECY

Have herbrip encrypt/decrypt some headers too, e.g. "Subject:".
DONE - 10 Aug 2001.

Add code to guard against man-in-the middle attacks. Alternate
pathways for key dissemination include web pages. Headers
giving URLs for these, and key signatures (hash of keys).


(D) KEY EXPIRY

Have herbrip automatically change own key periodically; this
involves correctly handling messages involving old keys: there
should be an overlap period when both keys are valid. Needs
new header for key expiry date. Also, possibly have a control
message, so one herbivore system can ask another for its new
public key.

Possibly, allow one herbivore system to interrogate another
for its public key; and to get the other system to email it
automatically whenever its key changes, perhaps.

Possibly, when a herbivore system receives a message encoded in 
an old public key, that it therefore cannot decode, then have 
it communicate that fact to the sending system, and request that
the message be re-sent with the new (and therefore correct)
key.

These changes involve there being a protocol for control 
messages between one Herbrip system and another; this protocol
needs to be defined. This protocol could also make it easy to
have other protocols wrapped in a herbivore layer, so you
could have for example SOAP-over-Herbivore.


(Z) OTHER

Add feature to add headers to Usenet posts (to broadcast
user's public key -- useful for email replies). Obviously,
should not encrypt as well. Example:
   herbrip --outnews message message_p

Also, to process Usenet messages, in order to harvest public 
keys:
   herbrip --innews message message_p
(NOTE: this won't work if the sender has spamblocked his
email address).   


end.
