[Authentication] Spec review (part 1)
Eckhart Wörner
ewoerner at kde.org
Thu Sep 9 07:40:34 PDT 2010
Hi everybody,
last week at the KDE BaWü-Sprint, I had an extensive look at the current draft
of the spec, and I want to propose several changes:
1) I talked to the D-Bus people and we agreed that there's no use for
encryption on D-Bus at all. As soon as you have the possibility to eavesdrop on
the D-Bus communication, you're also able to do a man-in-the-middle attack.
My proposal here is to get rid of encryption completely. This makes
implementation of client libraries much easier.
2) On the other hand, encryption introduces a lot of ugliness. Secrets are put
on the bus as byte arrays; at the moment it isn't even specified how
(decrypted) byte arrays translate to strings afterwards. Getting rid of
encryption allows using the D-Bus type system. Two possibilities:
a) secrets are D-Bus variants ("v")
b) overloading for several common types (like "s", "ay" and "a{ss}")
3) Since the spec says that items can be locked / unlocked individually, a
"Locked" property for the collection makes no sense.
4) There's an artificial separation between items that don't need a Prompt and
items that do. I suggest changing this so that as soon as a call *might*
take some time, a prompt is returned.
5) Unlocking of the secret storage might take some time without ever creating
a prompt (e.g. hardware needed takes some time to initialize, etc). I suggest
to rename Prompt to Job.
No diff for those changes yet; there's a part 2 yet to be written.
Eckhart
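As an added example (not part of the post above and not code from the Secret Service spec or any of its implementations), the following Python model illustrates the argument in point 1: encryption negotiated over the bus does stop a passive eavesdropper, but an attacker who can also write to the bus simply substitutes its own key-agreement values and reads the secret anyway, so the encryption buys nothing against the threat that matters. The Diffie-Hellman style negotiation, the toy prime, the XOR keystream cipher and the message flow are all assumptions made for illustration; the draft's actual scheme is not reproduced.

```python
"""Toy model: channel encryption without peer authentication on a bus.

Everything here is constructed for illustration. The DH group is a tiny
textbook Mersenne prime (not a real parameter set), the "bus" is modelled as
plain Python variables, and the cipher is a SHA-256 XOR keystream. None of
this is the Secret Service draft's real scheme.
"""
import hashlib
import secrets as rng

P = 2**127 - 1   # toy prime modulus (assumption, not a real DH group)
G = 5            # toy generator (assumption)


def keypair():
    """Return (private exponent, public value) for the toy DH group."""
    priv = rng.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_key(peer_pub, priv):
    """Derive a 32-byte session key from the DH shared value."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_crypt(key, data):
    """Symmetric keystream cipher: SHA-256(key || counter) XOR data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def run_session(secret, attacker):
    """Client sends `secret` to the service over an 'encrypted' session.

    attacker: "none"    - honest bus
              "passive" - attacker can only read the bus
              "active"  - attacker can read and write the bus (MITM)
    Returns (service_received_correct_secret, what_the_attacker_learned).
    """
    client_priv, client_pub = keypair()
    service_priv, service_pub = keypair()

    # Key-agreement values as seen by each side after crossing the bus.
    pub_seen_by_service = client_pub
    pub_seen_by_client = service_pub
    learned = None

    if attacker == "active":
        # Nobody authenticates the peer, so the attacker swaps in its own
        # public value in both directions and ends up with one key per side.
        atk_priv, atk_pub = keypair()
        pub_seen_by_service = atk_pub
        pub_seen_by_client = atk_pub
        key_with_client = session_key(client_pub, atk_priv)
        key_with_service = session_key(service_pub, atk_priv)

    k_client = session_key(pub_seen_by_client, client_priv)
    k_service = session_key(pub_seen_by_service, service_priv)

    wire = xor_crypt(k_client, secret)       # client -> bus
    if attacker == "passive":
        learned = wire                       # ciphertext only: useless
    elif attacker == "active":
        learned = xor_crypt(key_with_client, wire)       # decrypt as client
        wire = xor_crypt(key_with_service, learned)      # re-encrypt for service
    received = xor_crypt(k_service, wire)    # bus -> service

    return received == secret, learned


if __name__ == "__main__":
    for mode in ("none", "passive", "active"):
        ok, seen = run_session(b"hunter2", mode)
        print(f"{mode:8} service ok={ok} attacker learned={seen!r}")
```

The service cannot tell the "active" run from the honest one: it completed a key agreement and decrypted a well-formed secret. That is the practical content of the claim that, on a channel where an attacker can already read and write, an unauthenticated encryption layer adds complexity without adding protection.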