[Telepathy] Secure communications with Telepathy
Marco Barisione
marco at barisione.org
Tue Nov 27 06:31:58 PST 2007
We are working on SSL in gibber and now we need a way to send/receive
certificates and to send the private key to the cm.
At the moment, my only idea is:
- The user certificate is passed as a connection parameter to
RequestConnection().
- When the connection is established with the server (of course not in
salut), the cm emits CertificateReceived(handle, cert_type, cert) with
handle set to 0. The client can verify the certificate and drop the
connection if something is wrong.
- For end-to-end encryption, the cm emits CertificateReceived() when
beginning a communication with a peer with the handle of the peer as
first argument.
The actual verification of the certificate (maybe with user input) is
left to the client.
This solution has a number of problems:
- How should I pass the private key to the cm? Is it a problem to pass
it on dbus (it could be easily sniffed using dbus-monitor)?
- What to do if I don't have access to the private key (e.g. smart card
readers)?
- In the case of a connection to a server I need to pause the connection
process until the client has verified the server's certificate, to avoid
sending the password to an untrusted server.
- We need a ListSupportedCertificates() method to know the supported
certificate types: X.509, PGP, etc.
Any better idea? Suggestions?
--
Marco Barisione
http://www.barisione.org/
More information about the Telepathy
mailing list