Bug 35408

Summary: ServerTLSConnection should have a ReferenceIdentities parameter
Product: Telepathy
Reporter: Stef Walter <stefw>
Component: tp-spec
Assignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED
QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: normal
Priority: medium
Keywords: patch
Version: git master
Hardware: Other
OS: All
URL: http://git.collabora.co.uk/?p=user/stefw/telepathy-spec.git;a=shortlog;h=refs/heads/reference-identities
Bug Blocks: 35410    

Description Stef Walter 2011-03-18 02:19:10 UTC
It's possible to verify the certificate against more than one expected peername. For this we add the immutable ReferenceIdentities property, which is an array of strings.

These identities must be specified by the user. Obviously the results of DNS resolution (such as SRV DNS resolution in XMPP) should never be put into the ReferenceIdentities property.

It's conceivable and possible for a telepathy account to have more than one expected TLS certificate identity. An example of this is with XMPP, when a server is manually specified.

I will be filing other tickets for implementing this in gabble, and using the property in empathy. I'll be documenting use cases there. 

The ReferenceIdentities property always contains at least the value of the Hostname property.

The Hostname property stays, and is the source domain that the user expects to be connecting to. This is used when displaying messages to the user, looking up and storing trust assertions. For example it makes sense to store a pinned certificate exception associated with the Hostname (and not ReferenceIdentities).

Will attach patches that add ReferenceIdentities to ServerTLSConnection.
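As an added illustration (not code from the spec, telepathy-glib or the reporter's branch), here is client-side logic that consumes a ReferenceIdentities list the way the description proposes: Hostname is always present, DNS results are never added, and a pinned exception is looked up by Hostname alone. The name-matching rules, the sample names and the pinned-exception store are assumptions made for the example.

```python
# Added example, not part of the Telepathy spec or telepathy-glib.
# All names and the pinned store below are constructed for illustration.

def _name_matches(reference, presented):
    """Compare one name presented by the certificate with one reference identity.
    Exact match is case-insensitive. A wildcard is accepted only as the whole
    leftmost label, matching exactly one label, and only when the reference has
    at least three labels, so '*.com' can never match 'example.com'."""
    ref = reference.lower().rstrip(".")
    pres = presented.lower().rstrip(".")
    if pres == ref:
        return True
    if pres.startswith("*.") and "*" not in pres[2:]:
        ref_labels = ref.split(".")
        return (len(ref_labels) >= 3
                and len(ref_labels) == len(pres.split("."))
                and ".".join(ref_labels[1:]) == pres[2:])
    return False


def build_reference_identities(hostname, user_configured):
    """ReferenceIdentities always starts with Hostname; every other entry comes
    from user configuration only, never from DNS (e.g. SRV) lookups."""
    identities = [hostname]
    for name in user_configured:
        if name not in identities:
            identities.append(name)
    return identities


def matching_identity(reference_identities, presented_names):
    """Return the first reference identity the certificate satisfies, else None."""
    for ref in reference_identities:
        if any(_name_matches(ref, name) for name in presented_names):
            return ref
    return None


def decide(hostname, user_configured, presented_names, fingerprint, pinned):
    """Accept on a reference-identity match; otherwise consult a pinned
    exception keyed by Hostname (never by another reference identity)."""
    identities = build_reference_identities(hostname, user_configured)
    matched = matching_identity(identities, presented_names)
    if matched is not None:
        return ("accepted", matched)
    if (hostname, fingerprint) in pinned:
        return ("accepted-pinned", hostname)
    return ("rejected", None)


if __name__ == "__main__":
    # Constructed sample: account on example.com, user-specified server
    # talk.example.net, certificate carrying only a wildcard name.
    print(decide("example.com", ["talk.example.net"], ["*.example.net"], "sha256:CONSTRUCTED", set()))
```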
Comment 1 Stef Walter 2011-03-18 02:28:26 UTC
telepathy-spec changes on my git.collabora.co.uk reference-identities branch:

http://git.collabora.co.uk/?p=user/stefw/telepathy-spec.git;a=commit;h=19d4def6459766b82277eab506b5fb770d912c57
Comment 2 Stef Walter 2011-03-18 02:38:19 UTC
Matching telepathy-glib changes on my git.collabora.co.uk reference-identities branch:

http://git.collabora.co.uk/?p=user/stefw/telepathy-glib.git;a=commit;h=35f4d52fc3941c83191d334d2d0c0716e21d2bc5
Comment 3 Stef Walter 2011-03-18 04:45:15 UTC
Comments from sjoerd:

<sjoerd> stefw: for your spec patch, please document that if ReferenceIdentities doesn't exist the UI should use Hostname instead
<stefw> good, will do.
<sjoerd> tp:name-for-bindings should be Ugly_Case
 so Reference_Identities in your case
 did the spec compilation not warn about that ?
 the may in the Clients may display should probably be a MAY

Made the above changes in reference-identities branch.
Comment 4 Stef Walter 2011-03-18 05:18:05 UTC
Merged into master by sjoerd.
