Requirements of the MIT CWIS development group

Represented by: Bruce Lewis

The MIT CWIS development group (cwis-dev) will maintain lynx software in the infoagents locker in accorance with MIT's business needs. Cwis-dev must upgrade to new releases of lynx as necessary, and may sometimes need to make local changes according to MIT requirements. Cwis-dev requirements follow.

1. All required functionality should be implemented by July 15, 1997 and must be implemented by August 4 to allow adequate testing before the fall semester begins.
2. All lynx-cert source code should be POSIX.1 compliant and must compile on Solaris, Irix, NetBSD, Linux and Ultrix.
3. Lynx-cert must have a configuration-file directive that allows trusted Certificate Authorities to be specified.
4. When a user is presented with a certificate signed by an untrusted Certificate Authority (CA), lynx-cert must provide a mechanism that explains and provides a choice of whether to trust this server certificate always, just this time, or not at all.
5. Lynx-cert must supply a mechanism for reviewing trusted CAs and for deleting them from the trusted list.
6. Lynx-cert must supply a mechanism for creating user certificates with strong randomness, preferably using the KEYGEN tag allowing a selection of key sizes as in Netscape Navigator US.
7. When a user certificate is generated, lynx-cert must explain and provide a choice as to whether or not to protect the user certificate on disk with a password. Lynx-cert must provide a mechanism to encrypt/decrypt the private key when appropriate using a user-supplied password, and provide a mechanism to change this password.
8. User private keys should be left unencrypted in memory for a minimal amount of time in case lynx dumps core in a directory readable by others. Likewise, if the user password is asked for each time it's needed, it should be erased from memory after each use. If the user password is asked for once per lynx session, it must be kept in memory but may be obfuscated somehow to make extraction from a core dump more complicated than just running the strings command. Cwis-dev leaves to the implementor's discretion whether to require the password once per session, once per use, or to give the user a choice.