[Telepathy] Secure communications with Telepathy

Emanuele Aina em at nerd.ocracy.org
Wed Nov 28 02:53:14 PST 2007

mikhail.zabaluev at nokia.com investigò:

>> This solution has a number of problems:
>> - How should I pass the private key to the cm? Is it a problem to pass
>> it on dbus (it could be easily sniffed using dbus-monitor)?
> If somebody can attach to your session bus, they probably can just as
> well read your private keys.

Usually keys are stored in password-encrypted files but we need to send
the key unencrypted over dbus.

If this is a problem we could use a private D-Bus connection or a local
socket but the latter has some headaches attached as we've seen in tubes
and file-transfers.

>> - What to do if I don't have access to the private key (e.g. smart card
>> readers)?
>> - In the case of a connection to a server I need to pause the 
>> connection
>> process until the client has verified the server's 
>> certificate, to avoid
>> sending the password to an untrusted server.
>> - We need a ListSupportedCertificates() method to know the supported
>> certificate types: X.509, PGP, etc.
> Is it some interface not currently in the spec?

There is no interface for certificates/keys in the spec, we are
investigating the possible ways of adding what's missing.

>> Any better idea? Suggestions?
> We really need some generic security interface on channels. I think
> that in order to be flexible and cover the use cases already known (e.g.
> SIP request authentication, end-to-end encryption), it should unify
> text-based authentication and certificate exchange mechanisms.

We are open to suggestions! :)

Complimenti per l'ottima scelta.

More information about the Telepathy mailing list