[EMAIL PROTECTED] investigated:
>> This solution has a number of problems:
>> - How should I pass the private key to the cm? Is it a problem to pass
>> it on dbus (it could be easily sniffed using dbus-monitor)?
>
> If somebody can attach to your session bus, they probably can just as
> well read your private keys.

Usually keys are stored in password-encrypted files but we need to send the key unencrypted over dbus. If this is a problem we could use a private D-Bus connection or a local socket but the latter has some headaches attached as we've seen in tubes and file-transfers.

>> - What to do if I don't have access to the private key (e.g. smart card
>> readers)?
>> - In the case of a connection to a server I need to pause the connection
>> process until the client has verified the server's certificate, to avoid
>> sending the password to an untrusted server.
>> - We need a ListSupportedCertificates() method to know the supported
>> certificate types: X.509, PGP, etc.
>
> Is it some interface not currently in the spec?

There is no interface for certificates/keys in the spec, we are investigating the possible ways of adding what's missing.

>> Any better idea? Suggestions?
>
> We really need some generic security interface on channels. I think
> that in order to be flexible and cover the use cases already known (e.g.
> SIP request authentication, end-to-end encryption), it should unify
> text-based authentication and certificate exchange mechanisms.

We are open to suggestions! :)

--
Good morning. Congratulations on the excellent choice.
_______________________________________________
Telepathy mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/telepathy
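
The "local socket" alternative raised in the message above, as an added example that is not part of the original thread or of Telepathy's code: the key travels over a point-to-point Unix socket, which never crosses the session bus and so is not shown by dbus-monitor, and the receiving side checks the peer's uid before reading anything. The function names, the length-prefixed framing and the use of Linux's `SO_PEERCRED` are assumptions made for this sketch.

```python
import os
import socket
import struct

MAX_KEY_LEN = 16 * 1024  # constructed limit: refuse oversized blobs

def peer_uid(sock):
    """Return the uid of the process on the other end (Linux SO_PEERCRED)."""
    fmt = "iII"  # struct ucred: pid, uid, gid
    creds = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                            struct.calcsize(fmt))
    _pid, uid, _gid = struct.unpack(fmt, creds)
    return uid

def recv_exact(sock, n):
    """Read exactly n bytes or fail; a short read must not yield a partial key."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full message")
        buf += chunk
    return bytes(buf)

def send_key(sock, key_bytes):
    """Client side (hypothetical): length-prefixed key blob on the private socket."""
    sock.sendall(struct.pack("!I", len(key_bytes)) + key_bytes)

def receive_key(sock, allowed_uid):
    """CM side (hypothetical): accept the key only from a peer running as allowed_uid."""
    if peer_uid(sock) != allowed_uid:
        raise PermissionError("peer uid mismatch")
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    if length == 0 or length > MAX_KEY_LEN:
        raise ValueError("bad key length")
    return recv_exact(sock, length)

def demo():
    # socketpair stands in for a connected Unix socket between client and CM
    client, cm = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with client, cm:
        key = b"constructed-placeholder-key-material"  # not a real key
        send_key(client, key)
        return receive_key(cm, allowed_uid=os.getuid()) == key

if __name__ == "__main__":
    print(demo())
```

The uid check only separates users; a process already running as the same user is still trusted by it.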
