DB design document

[Gary E Bickford]

Not to further muddy the waters, but what about the following thoughts?

1. 
Provide a 'security abstraction layer' that glues to any of various 
encryption schemes - SSL, SSH, TCS, ...
2. 
Use OpenSSH (http://www.openssh.com) as one of the schemes, instead of 
OpenSSL.  OpenSSH are using a BSD-style license, and development is by 
the OpenBSD folks.
3. 
If GNUCash is moving toward an object model then it might be possible to 
piggyback on an SSL-enabled browser, by sending messages through the 
browser interface - this is rather obscure, but doable especially with 
the Mozilla tools.  Mozilla doesn't itself come with SSL, it must be 
installed from the Netscape site for similar licensing reasons.
4. 
Perhaps Gnome should have a standalone encryption/tunnelling module with 
an Orbix object interface.  This would eliminate the need to link 
anything in the GNUCash program, just send messages to the encryption 
object.  This would also provide similar capabilities as the original 
I-Planet secure tunnelling application server, which uses Java 'netlets' 
to build tunnels over an http connection.