Hi,

>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of
>ext Marco Barisione
>Sent: Tuesday, November 27, 2007 4:32 PM
>To: Telepathy
>Subject: [Telepathy] Secure communications with Telepathy
>
>We are working on SSL in gibber and now we need a way to send/receive
>certificates and to send the private key to the cm.
>
>At the moment, my only idea is:
>- The user certificate is passed as a connection parameter to
>RequestConnection().
>- When the connection is established with the server (of course not in
>salut), the cm emits CertificateReceived(handle, cert_type, cert) with
>handle set to 0. The client can verify the certificate and drop the
>connection if something is wrong.
>- For end-to-end encryption, the cm emits CertificateReceived() when
>beginning a communication with a peer with the handle of the peer as
>first argument.
>
>The actual verification of the certificate (maybe with user input) is
>left to the client.
>
>This solution has a number of problems:
>- How should I pass the private key to the cm? Is it a problem to pass
>it on dbus (it could be easily sniffed using dbus-monitor)?

If somebody can attach to your session bus, they probably can just as well read your private keys.

>- What to do if I don't have access to the private key (e.g. smart card
>readers)?
>- In the case of a connection to a server I need to pause the
>connection process until the client has verified the server's
>certificate, to avoid sending the password to an untrusted server.
>- We need a ListSupportedCertificates() method to know the supported
>certificate types: X.509, PGP, etc.

Is it some interface not currently in the spec?

>Any better idea? Suggestions?

We really need some generic security interface on channels. I think that in order to be flexible and cover the use cases already known (e.g. SIP request authentication, end-to-end encryption), it should unify text-based authentication and certificate exchange mechanisms.

Best regards,
Mikhail

_______________________________________________
Telepathy mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/telepathy
