The Security (will be renamed FileSystemSecurity) object can cache, fetch CAs, manipulate SMIME, store certs, The stack always knows about the security object. Inherits from BaseSecurity (will be renamed security). The stack always knows about the Security object.
WinSecurity - Inherits from Security. Incomplete. Can store your certs with the Windows cert management system. Reading/writing/removing PEMs.
MacSecurity - Inherits from Security. Incomplete. Can store your certs with the Mac OS cert management system. Reading/writing/removing PEMs.
Security attributes are signed, encrypted, and identity strings that get populated by DUM and go into the SIP message. If DUM sees encryption or a signature, DUM will check the signature and will find the most secure body located in the MIME structure that is understandable and decrypt it. DUM will not tell you about signature’s validity or throw away invalid messages.
TODO: Document the proposed API for sending encrypted and signed messages.