[Telepathy] Spec meeting notes on SASL authentication and SSL cert verification
simon.mcvittie at collabora.co.uk
Thu Mar 11 04:40:21 PST 2010
On Thu, 11 Mar 2010 at 13:01:34 +0100, mikhail.zabaluev at nokia.com wrote:
> Few minor comments:
> - A challenge channel should present some human-readable string, to possibly inform what is being authenticated.
> The string SHOULD be formed locally by the connection manager, so as to avoid presenting remotely supplied information as trusted.
If connection managers continue to not be localized, then the auth UI would
have to form this string itself by understanding the meaning of the channel
(e.g. putting together TargetHandleType=CONTACT, TargetID=smcv at example.com,
and ideally also the local address book to say "secure communication with
Simon McVittie <smcv at example.com>"). I'd suggest that it should ignore (close)
channels it doesn't understand well enough to present such a thing?
The usual rationale for connection managers (and MC) not being localized:
* UI environments have much more infrastructure and policy for translations
than we do (e.g. the Empathy translations come from GNOME's localization
teams, and Maemo translations are done internally by Nokia according
to the UI specification), but CMs and MC need to be UI-independent
* Consistent translations are (AIUI) consistent within a UI environment -
GNOME in Klingon, Maemo in Klingon and KDE in Klingon don't necessarily have
the same translation guidelines (e.g. the word to use to translate
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 793 bytes
Desc: Digital signature
More information about the telepathy