[Bug 35408] New: ServerTLSConnection should have a ReferenceIdentities parameter

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Mar 18 10:19:11 CET 2011


https://bugs.freedesktop.org/show_bug.cgi?id=35408

           Summary: ServerTLSConnection should have a ReferenceIdentities
                    parameter
           Product: Telepathy
           Version: git master
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: tp-spec
        AssignedTo: telepathy-bugs at lists.freedesktop.org
        ReportedBy: stefw at collabora.co.uk
         QAContact: telepathy-bugs at lists.freedesktop.org


It's possible to verify the certificate against more than one expected
peername. For this we add the immutable ReferenceIdentities property, which is
an array of strings.

These identities must be specified by the user. Obviously the results of DNS
resolution (such as SRV DNS resolution in XMPP) should never be put into the
ReferenceIdentities property.

It's conceivable and possible for a telepathy account to have more than one
expected TLS certificate identity. An example of this is with XMPP, when a
server is manually specified.

I will be filing other tickets for implementing this in gabble, and using the
property in empathy. I'll be documenting use cases there.

The ReferenceIdentities property always contains at least the value of the
Hostname property.

The Hostname property stays, and is the source domain that the user expects to
be connecting to. This is used when displaying messages to the user, looking up
and storing trust assertions. For example it makes sense to store a pinned
certificate exception associated with the Hostname (and not
ReferenceIdentities).

Will attach patches that add ReferenceIdentities to ServerTLSConnection.

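The checks this report describes, as an added example that is not part of the bug report or of the Telepathy/Gabble code: a Python model in which the reference-identity list always carries the Hostname, presented dNSNames are matched against each identity with RFC 6125 style wildcard rules, and pinned exceptions are keyed by the Hostname only. All function and class names and the sample names are assumptions constructed for illustration.

```python
from __future__ import annotations
import hashlib


def reference_identities(hostname: str, extra=()) -> list[str]:
    """Build the ReferenceIdentities list (hypothetical helper): the user's
    Hostname is always present, followed by further identities the user
    configured explicitly, e.g. a manually specified XMPP server.
    Callers must not feed DNS-derived names (such as SRV targets) in here."""
    names = [hostname.lower().rstrip(".")]
    for n in extra:
        n = n.lower().rstrip(".")
        if n not in names:
            names.append(n)
    return names


def dns_name_matches(pattern: str, name: str) -> bool:
    """Match one presented dNSName against one reference identity:
    case-insensitive, and '*' may only stand for the whole left-most label
    of a name with at least three labels, so '*.provider.net' matches
    'xmpp.provider.net' but not 'provider.net', 'a.b.provider.net' or '*.net'."""
    p_labels = pattern.lower().rstrip(".").split(".")
    n_labels = name.lower().rstrip(".").split(".")
    if len(p_labels) != len(n_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == n_labels[1:]
    return p_labels == n_labels


def matched_identity(presented: list[str], identities: list[str]) -> str | None:
    """Return the first reference identity matched by any presented name,
    or None when the certificate matches none of them (verification fails)."""
    for ident in identities:
        if any(dns_name_matches(p, ident) for p in presented):
            return ident
    return None


class PinStore:
    """Trust exceptions keyed by the Hostname the user expects to reach,
    not by whichever ReferenceIdentity the certificate happened to match."""

    def __init__(self) -> None:
        self._pins: dict[str, set[str]] = {}

    def add(self, hostname: str, cert_der: bytes) -> None:
        digest = hashlib.sha256(cert_der).hexdigest()
        self._pins.setdefault(hostname.lower(), set()).add(digest)

    def accepts(self, hostname: str, cert_der: bytes) -> bool:
        digest = hashlib.sha256(cert_der).hexdigest()
        return digest in self._pins.get(hostname.lower(), set())
```

With Hostname "example.org" and a manually specified server "xmpp.provider.net", a certificate presenting "*.provider.net" matches the second identity, while the pin for it is still stored under "example.org".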