[Telepathy] Spec meeting notes on SASL authentication and SSL cert verification

Eitan Isaacson eitan.isaacson at collabora.co.uk
Thu Mar 11 09:46:02 PST 2010 

Thanks for the feedback!

On Thu, 2010-03-11 at 13:01 +0100, mikhail.zabaluev at nokia.com wrote:
> Thanks. I like that the proposed way is friendly to cases when the
>  dispatcher needs to pop up a separate authentication UI, which can
>  even ignore differences between channel and connection auth. Also,
>  this isolated UI process could have elevated privileges and be better
>  secured.
> 
> Few minor comments: 
> - A challenge channel should present some
>  human-readable string, to possibly inform what is being authenticated.
> The string SHOULD be formed locally by the connection manager, so as to
>  avoid presenting remotely supplied information as trusted.

Some thing like "John is requesting authentication"? The problem with
that is localization. CMs don't localize strings, I believe the UI does
that exclusively. So the channel would probably need to present machine
readable information for the UI to make human readable.

Aren't there enough hints in the channel to pick up?
 - If the channel is anonymous it is authentication for the Connection
object (ie. the server).
 - If it has a target handle, and a target handle type, it should be
enough information to work with: "Chatroom Car-Talk is password
protected, please enter password", "John is requesting authentication",
"John's certificate is self-signed", etc.
 - With the change you suggest below, even more could be figured out
about the authentication's context.

> - Maybe there should be a list of request tokens from the original
>  channel request(s), available through the ChannelAuthentication
>  interface, to refer to requested channels that will be created after
>  the authentication is successful.

Good idea. There should probably be two properties, one for requests
tokens and one for already existing channels.

Cheers,
  Eitan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freedesktop.org/archives/telepathy/attachments/20100311/e2e4ba37/attachment.pgp>

More information about the telepathy mailing list