Hi, > -----Original Message----- > From: [email protected] [mailto:telepathy- > [email protected]] On Behalf Of ext Simon McVittie > Sent: Thursday, March 11, 2010 2:40 PM > To: [email protected] > Subject: Re: [Telepathy] Spec meeting notes on SASL authentication and > SSL cert verification > > On Thu, 11 Mar 2010 at 13:01:34 +0100, [email protected] > wrote: > > Few minor comments: > > - A challenge channel should present some human-readable string, to > possibly inform what is being authenticated. > > The string SHOULD be formed locally by the connection manager, so as > to avoid presenting remotely supplied information as trusted. > > If connection managers continue to not be localized, then the auth UI > would > have to form this string itself by understanding the meaning of the > channel > (e.g. putting together TargetHandleType=CONTACT, > [email protected], > and ideally also the local address book to say "secure communication > with > Simon McVittie <[email protected]>"). I'd suggest that it should ignore > (close) > channels it doesn't understand well enough to present such a thing?
Yes, I agree that an informational string should not really be treated as an UI-ready message. And if we always have a way to identify the peer or the destination through basic Channel properties, and connect the challenge to requests that caused it, fine. Misha _______________________________________________ telepathy mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/telepathy
