[Telepathy] Spec meeting notes on SASL authentication and SSL cert verification

Sjoerd Simons sjoerd at luon.net
Fri Jan 22 10:29:12 PST 2010


On Thu, Jan 21, 2010 at 10:16:27AM -0800, Eitan Isaacson wrote:
> > > Also, how certain is the client of the remote server's hostname? It
> > > seems like there is no definitive way of knowing, there is only a
> > > well-known RequestConnection 'server' parameter, maybe I missed it? In
> > > the XMPP case, a CM might do some additional DNS voodoo, like SRV and
> > > reverse lookup, a protocol-agnostic client won't be able to reliably do
> > > this.
> > 
> > Yes, the CM needs to tell the UI what server name the UI should be verifying
> > (e.g. via the Server property on the channel).
> > 
> > In some protocols we might need to give the UI a list of hostnames any of
> > which would be acceptable, I suppose?

I doubt this ever needs to be plural; the CM should be able to know what it is
verifying. With new-style TLS protocols the client always tells the server in
some way who it's expecting to connect to, and in the old-style SSL stuff you
always verify the canonical name of the server. In case the server has multiple
names this should be dealt with by using wildcards/multiple names in the
certificate, not multiple potential identities from the client side.

Also, as a side-point, the name you need to verify should never ever come from
DNS lookups, as that makes you trivially vulnerable to MITM attacks.

  Sjoerd
-- 
Entropy isn't what it used to be.
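
Added example, not part of the original message or of any Telepathy code: a sketch of the rule above, where the address to connect to may come from DNS but the name checked against the certificate is the one the user configured. The domain names, certificate name lists and function names are constructed for illustration, and open_tls assumes a direct-TLS service rather than a STARTTLS upgrade.

```python
import socket
import ssl


def name_matches(pattern: str, reference: str) -> bool:
    """Match one certificate dNSName against the reference identity.

    A wildcard is honoured only as the entire left-most label.
    """
    p = pattern.lower().rstrip(".").split(".")
    r = reference.lower().rstrip(".").split(".")
    if len(p) != len(r):
        return False
    if p[0] == "*":
        # Reject "*.org"-style patterns; compare the remaining labels exactly.
        return len(p) > 2 and p[1:] == r[1:]
    return p == r


def cert_valid_for(cert_dns_names, reference: str) -> bool:
    """True if any name in the certificate covers the reference identity."""
    return any(name_matches(n, reference) for n in cert_dns_names)


def open_tls(account_domain: str, connect_host: str, port: int) -> ssl.SSLSocket:
    """Connect to connect_host (possibly an SRV target learned from DNS) but
    verify the certificate, and send SNI, for account_domain."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED with hostname checking
    raw = socket.create_connection((connect_host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=account_domain)


# Constructed scenario: the user configured an account at example.org, and an
# unauthenticated SRV answer points the client at a host someone else controls.
ACCOUNT_DOMAIN = "example.org"
SPOOFED_SRV_TARGET = "xmpp.attacker.example"
ATTACKER_CERT_NAMES = ["xmpp.attacker.example"]   # valid cert for their own host
GENUINE_CERT_NAMES = ["example.org", "*.example.org"]

if __name__ == "__main__":
    # Verifying the DNS-derived name accepts the wrong server.
    print(cert_valid_for(ATTACKER_CERT_NAMES, SPOOFED_SRV_TARGET))
    # Verifying the configured name rejects it and accepts the genuine one.
    print(cert_valid_for(ATTACKER_CERT_NAMES, ACCOUNT_DOMAIN))
    print(cert_valid_for(GENUINE_CERT_NAMES, ACCOUNT_DOMAIN))
```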
