[Telepathy] Secure communications with Telepathy

2007-11-27 Thread Marco Barisione
We are working on SSL in gibber and now we need a way to send/receive
certificates and to send the private key to the cm.

At the moment, my only idea is:
- The user certificate is passed as a connection parameter to
RequestConnection().
- When the connection is established with the server (of course not in
salut), the cm emits CertificateReceived(handle, cert_type, cert) with
handle set to 0. The client can verify the certificate and drop the
connection if something is wrong.
- For end-to-end encryption, the cm emits CertificateReceived() when
beginning a communication with a peer with the handle of the peer as
first argument.

The actual verification of the certificate (maybe with user input) is
left to the client.

This solution has a number of problems:
- How should I pass the private key to the cm? Is it a problem to pass
it on dbus (it could be easily sniffed using dbus-monitor)?
- What to do if I don't have access to the private key (e.g. smart card
readers)?
- In the case of a connection to a server I need to pause the connection
process until the client has verified the server's certificate, to avoid
sending the password to an untrusted server.
- We need a ListSupportedCertificates() method to know the supported
certificate types: X.509, PGP, etc.

Any better idea? Suggestions?

-- 
Marco Barisione
http://www.barisione.org/

___
Telepathy mailing list
Telepathy@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/telepathy
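
The pause-before-password step from the message above, modelled in-process as an added example (not code from the thread, Telepathy or gibber). CertificateReceived and handle 0 come from the proposal; accept_certificate/reject_certificate, the state names and the SHA-256 pinning policy on the client side are assumptions made for illustration.

```python
import hashlib
import hmac
from enum import Enum

SERVER_HANDLE = 0  # the proposal uses handle 0 for the server's own certificate
class State(Enum):
    AWAITING_CERT_DECISION = "awaiting-cert-decision"
    AUTHENTICATED = "authenticated"
    DISCONNECTED = "disconnected"

class ConnectionManager:  # toy in-process model, not Telepathy or gibber code
    def __init__(self, password, certificate_received):
        self._password = password
        self._certificate_received = certificate_received  # stands in for the D-Bus signal
        self.state = None
        self.sent_to_server = []  # everything that would go out on the wire

    def tls_handshake_done(self, cert_type, cert):
        # Pause here: no credential is sent until the client has decided.
        self.state = State.AWAITING_CERT_DECISION
        self._certificate_received(self, SERVER_HANDLE, cert_type, cert)

    def accept_certificate(self, handle):  # hypothetical method, not in the proposal
        self._require_pending(handle)
        self.sent_to_server.append(("AUTH", self._password))
        self.state = State.AUTHENTICATED

    def reject_certificate(self, handle):  # hypothetical method, not in the proposal
        self._require_pending(handle)
        self.state = State.DISCONNECTED

    def _require_pending(self, handle):
        if handle != SERVER_HANDLE or self.state is not State.AWAITING_CERT_DECISION:
            raise RuntimeError("no server certificate decision is pending")

def pinning_client(pinned_sha256_hex):  # client policy assumed here: SHA-256 pinning
    def on_certificate_received(cm, handle, cert_type, cert):
        seen = hashlib.sha256(cert).hexdigest()
        ok = cert_type == "x509" and hmac.compare_digest(seen, pinned_sha256_hex)
        (cm.accept_certificate if ok else cm.reject_certificate)(handle)
    return on_certificate_received

def connect(server_cert, client, password="constructed-password"):
    cm = ConnectionManager(password, client)
    cm.tls_handshake_done("x509", server_cert)
    return cm

GOOD_CERT = b"constructed-cert-of-the-expected-server"  # constructed stand-in bytes
PIN = hashlib.sha256(GOOD_CERT).hexdigest()
```

A client that never answers leaves the model in AWAITING_CERT_DECISION with nothing sent, which is the fail-closed behaviour the pause is meant to give.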


Re: [Telepathy] Secure communications with Telepathy

2007-11-27 Thread mikhail.zabaluev
Hi,

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ext Marco Barisione
Sent: Tuesday, November 27, 2007 4:32 PM
To: Telepathy
Subject: [Telepathy] Secure communications with Telepathy

> We are working on SSL in gibber and now we need a way to send/receive
> certificates and to send the private key to the cm.
>
> At the moment, my only idea is:
> - The user certificate is passed as a connection parameter to
> RequestConnection().
> - When the connection is established with the server (of course not in
> salut), the cm emits CertificateReceived(handle, cert_type, cert) with
> handle set to 0. The client can verify the certificate and drop the
> connection if something is wrong.
> - For end-to-end encryption, the cm emits CertificateReceived() when
> beginning a communication with a peer with the handle of the peer as
> first argument.
>
> The actual verification of the certificate (maybe with user input) is
> left to the client.
>
> This solution has a number of problems:
> - How should I pass the private key to the cm? Is it a problem to pass
> it on dbus (it could be easily sniffed using dbus-monitor)?

If somebody can attach to your session bus, they probably can just as well read 
your private keys.

> - What to do if I don't have access to the private key (e.g. smart card
> readers)?
> - In the case of a connection to a server I need to pause the connection
> process until the client has verified the server's certificate, to avoid
> sending the password to an untrusted server.
> - We need a ListSupportedCertificates() method to know the supported
> certificate types: X.509, PGP, etc.

Is it some interface not currently in the spec?

> Any better idea? Suggestions?

We really need some generic security interface on channels. I think that in 
order to be flexible and cover the use cases already known (e.g. SIP request 
authentication, end-to-end encryption), it should unify text-based 
authentication and certificate exchange mechanisms.

Best regards,
  Mikhail


Re: [Telepathy] Using telepathy/tapioca on maemo

2007-11-27 Thread Marcelo Lira
Harini,

try first to build and run the test on your host system instead of inside
scratchbox, just to get it working and understand the system better. I'm not
so new to Tapioca, but I used it only on the desktop. I tried it in scratchbox
once, but it was a little messy. I took some notes that can be helpful, but
I couldn't get to the end (shortage of time issues :/ ).

Regards,

-- 
Marcelo Lira dos Santos
http://setanta.wordpress.com
@CInLUG: http://www.cin.ufpe.br/~cinlug
@Ciência Livre: http://www.ciencialivre.pro.br
@INdT: http://www.indt.org.br