[Telepathy] Spec meeting notes on SASL authentication and SSL cert verification

mikhail.zabaluev at nokia.com mikhail.zabaluev at nokia.com
Thu Mar 11 04:51:24 PST 2010


Hi,

> -----Original Message-----
> From: telepathy-bounces at lists.freedesktop.org [mailto:telepathy-bounces at lists.freedesktop.org] On Behalf Of ext Simon McVittie
> Sent: Thursday, March 11, 2010 2:40 PM
> To: telepathy at lists.freedesktop.org
> Subject: Re: [Telepathy] Spec meeting notes on SASL authentication and SSL cert verification
>
> On Thu, 11 Mar 2010 at 13:01:34 +0100, mikhail.zabaluev at nokia.com wrote:
> > Few minor comments:
> > - A challenge channel should present some human-readable string, to possibly inform what is being authenticated.
> > The string SHOULD be formed locally by the connection manager, so as to avoid presenting remotely supplied information as trusted.
>
> If connection managers continue to not be localized, then the auth UI would have to form this string itself by understanding the meaning of the channel (e.g. putting together TargetHandleType=CONTACT, TargetID=smcv at example.com, and ideally also the local address book to say "secure communication with Simon McVittie <smcv at example.com>"). I'd suggest that it should ignore (close) channels it doesn't understand well enough to present such a thing?

Yes, I agree that an informational string should not really be treated as a UI-ready message.
And if we always have a way to identify the peer or the destination through basic Channel properties, and connect the challenge to requests that caused it, fine.

Misha
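
The approach discussed in this thread, as an added example that is not part of the original messages or of any Telepathy code: an auth UI builds its prompt only from the channel's TargetHandleType and TargetID plus a local address book, and returns None (close the channel) when it does not understand the channel. The dict shape, the `Description` key, the address book and the display-character check are assumptions made for illustration.

```python
import unicodedata

HANDLE_TYPE_CONTACT = 1  # Handle_Type_Contact in the Telepathy spec

# Constructed local address book (assumption): identifier -> display name.
ADDRESS_BOOK = {"smcv@example.com": "Simon McVittie"}

# Unicode categories that must not reach a trust prompt: control, format
# (includes bidi overrides), line/paragraph separators, private use,
# surrogates, unassigned.
_UNSAFE_CATEGORIES = {"Cc", "Cf", "Zl", "Zp", "Co", "Cs", "Cn"}


def _is_displayable(text):
    """True if text is non-empty and free of characters that can hide or reorder it."""
    return bool(text) and all(
        unicodedata.category(ch) not in _UNSAFE_CATEGORIES for ch in text
    )


def describe_channel(props, address_book=ADDRESS_BOOK):
    """Return a locally formed prompt, or None if the channel should be closed.

    Only TargetHandleType and TargetID are read. Any remotely supplied
    description present in props is deliberately ignored.
    """
    if props.get("TargetHandleType") != HANDLE_TYPE_CONTACT:
        return None  # not understood well enough to present
    target = props.get("TargetID")
    if not isinstance(target, str) or not _is_displayable(target):
        return None
    name = address_book.get(target)  # the display name comes from local data only
    if name is None:
        return "secure communication with <%s>" % target
    return "secure communication with %s <%s>" % (name, target)
```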

