[Bug 35410] New: Implement ServerTLSConnection.ReferenceIdentities in gabble

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Mar 18 10:49:25 CET 2011


https://bugs.freedesktop.org/show_bug.cgi?id=35410

           Summary: Implement ServerTLSConnection.ReferenceIdentities in
                    gabble
           Product: Telepathy
           Version: git master
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: gabble
        AssignedTo: telepathy-bugs at lists.freedesktop.org
        ReportedBy: stefw at collabora.co.uk
         QAContact: telepathy-bugs at lists.freedesktop.org


ServerTLSConnection.ReferenceIdentities is a way for a connection manager to
indicate that there can be more than one expected identity for a certificate on
the other side of a TLS connection.

This patch implements support for reference identities in gabble for XMPP
TLS connections. The first reference identity is always the source
domain of the XMPP JID. The second reference identity is the overridden server
name (when such is explicitly specified).

Use Case
========

 * Fry follows Google's instructions [1] when setting up his XMPP
   client with Google Talk. The instructions ask him to override the
   server name with 'talk.google.com'.
 * Fry gets a scary certificate warning that there's someone trying
   to screw with his encrypted connection.
 * Fry gets used to certificate warnings, and sees them as an expected
   part of using his computer.
 * Alternatively Fry uses pidgin or other XMPP clients which don't
   produce a warning in this situation.

Obviously we should never use reference identities that were not specified by
the user either through direct configuration or a choice of some sort. Both the
reference identities (JID domainpart, and server override) implemented by this
patch are explicitly specified by the user.

I will be filing another ticket for implementing support for this in empathy.
Will be attaching patches.


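The matching rule described in the report, sketched as an added example; it is not gabble's code or the attached patch. `struct ref_ids`, the function names and the JID `fry@example.org/home` are assumptions made for illustration, and matching is exact only (wildcard certificate names are not handled).

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical container: at most two user-specified reference identities. */
struct ref_ids { char domain[256]; const char *names[2]; int count; };

/* ASCII case-insensitive equality for DNS names. */
static int dns_equal(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* names[0] is the JID domainpart; names[1] is the explicit server override
 * when set and different. Returns the count, 0 if there is no domainpart. */
int build_reference_identities(struct ref_ids *r, const char *jid,
                               const char *server_override) {
    size_t end = strcspn(jid, "/");             /* drop the resourcepart */
    const char *at = memchr(jid, '@', end);     /* end of the localpart */
    const char *start = at ? at + 1 : jid;
    size_t len = (size_t)(jid + end - start);
    r->count = 0;
    if (len == 0 || len >= sizeof r->domain) return 0;
    memcpy(r->domain, start, len);
    r->domain[len] = '\0';
    r->names[r->count++] = r->domain;
    if (server_override && *server_override &&
        !dns_equal(server_override, r->domain))
        r->names[r->count++] = server_override;
    return r->count;
}

/* Accept when any name presented by the certificate equals any reference
 * identity. Nothing outside the user-specified list is ever accepted. */
int cert_matches(const struct ref_ids *r, const char *const *names, size_t n) {
    for (size_t i = 0; i < n; i++)
        for (int j = 0; j < r->count; j++)
            if (dns_equal(names[i], r->names[j])) return 1;
    return 0;
}

int main(void) {
    struct ref_ids r;                           /* constructed sample input */
    const char *cert[] = { "talk.google.com" };
    build_reference_identities(&r, "fry@example.org/home", "talk.google.com");
    return cert_matches(&r, cert, 1) ? 0 : 1;   /* exit 0: override matched */
}
```
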