------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugs.kde.org/show_bug.cgi?id=144912
------- Additional Comments From kde.bugs scytale de 2007-06-09 19:39 -------
So, if I read http://websvn.kde.org/trunk/kdesupport/qca/certs/ correctly, QCA
is using a hardcoded bunch of root certs, with no way to insert others at
runtime? That's pretty sad, especially for a protocol like Jabber, where
everyone can set up his own server, even without paying VeriSign or whoever.
I know that there's the possibility to check a "no certificate warnings" box,
but that is not really an option, because it makes you vulnerable against
man-in-the-middle attacks and the like. There's no "permanently accept _this_
certificate" option. I don't know about the QCA API, but wouldn't it at least
be possible to add a whitelist of certificate fingerprints somewhere (maybe
even manually in kopeterc) and not issue a warning for those?
In the long run, of course, it would be cool if QCA would be able to handle
KDE's "certificate stuff" or learn new (root) certificates in any other way.
I'm curious: How do other KDE apps handle SSL/TLS stuff, honouring KDE's
central certificate system, and why doesn't Kopete do it that way as well?
_______________________________________________
kopete-devel mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/kopete-devel
