[Telepathy] Telepathy Encryption spec draft
Cosimo Cecchi
cosimoc at gnome.org
Tue Jan 26 07:37:17 PST 2010
Hi everyone,
I pushed a branch of telepathy-spec [1] implementing some of the ideas
for end to end encryption we discussed on this list.
Here's an overview of the interface:
org.freedesktop.Telepathy.Channel.Interface.Encryption
Methods:
* Proceed (s: Password) → nothing
* This method lets the encryption process proceed with the
verification of the credentials. A
Channel.Type.ContactVerification channel will be emitted by the
connection manager, for a client to accept or reject the
credentials provided by the remote endpoint. The optional
password argument should be used when the remote endpoint
signals that a password is needed to verify the initiator's
fingerprint.
Signals:
* EncryptionStateChanged (u: State)
* Signals that the encryption state for this channel has changed
Properties:
* LocalFingerprint — s (Read/Write)
* Contains the fingerprint of the certificate we want to use for
this encrypted channel.
* RemoteFingerprint — s (Read)
* Contains the fingerprint of the certificate the remote end wants
to use for this encrypted channel.
* RemotePassword — b (Read)
* Whether the remote endpoint signals that a password is needed in
order to verify the local fingerprint.
* EncryptionRequired — b (Read/Write)
* Indicates whether the channel is requiring encryption.
* EncryptionState — u (Encryption_State) (Read)
* Indicates which stage of the encryption we're in.
Types:
* Encryption_State — u
* None (0): No encryption is taking place on the channel.
* Awaiting_Remote_Response (1): Awaiting remote response or
fingerprint.
* Awaiting_Local_Response (2): Awaiting local call to Proceed().
* Verification_Pending (3): Verification handshakes are taking
places.
* Encrypted (4): Channel is encrypted.
* Failed (5): Encryption request has failed.
The idea is to request an encrypted channel, by setting the
EncryptionRequired property to TRUE in the request along with our
LocalFingerprint property.
When the channel states goes to Awaiting_Local_Response, there can be
three cases:
* RemotePassword = TRUE; RemoteFingerprint is empty. This means
the remote endpoint thinks he's not able to verify our cert (as
for the XTLS spec [2]) and does not want to accept any mean of
authentication other than an interactive one (SRP). In this
case, the client should call Proceed() with a previously
(out-of-band) exchanged password, or the request will fail.
* RemotePassword = TRUE; RemoteFingerprint is not empty. This
means the remote endpoint thinks he's not able to verify our
cert, but he's willing to accept either SRP or do a leap of
faith. It's up to the client to decide whether to call Proceed()
with a password or not.
* RemotePassword = FALSE; RemoteFingerprint MUST not be empty
(happy path). This means the remote endpoint thinks he's able to
verify our cert, and the client MUST call Proceed() without a
password.
At this point, the state could either go to Failed or to
Verification_Pending; in the latter case, verification of the channel
should proceed as specified in Eitan's Verification branch and, if
successful, the channel state should go to Encrypted.
Problems: this spec is quite tailored on the XTLS spec; I think we
should make it a bit more general in order to support other cipher
algorithms, such as OTR.
The obvious idea is to have a "Protocol" property (a bit like
TpFileHashType) enumerating the supported protocols; the
Proceed(password) method should work nice to support OTR as well in that
case.
As usual, feedback welcome!
[1]
http://git.collabora.co.uk/?p=user/cosimoc/telepathy-spec.git;a=shortlog;h=refs/heads/encryption
[2] http://xmpp.org/extensions/inbox/jingle-xtls.html#proto
Cheers,
Cosimo
More information about the telepathy
mailing list