| Summary: | indicate the connection's level of security | ||
|---|---|---|---|
| Product: | Telepathy | Reporter: | Simon McVittie <smcv> |
| Component: | gabble | Assignee: | Telepathy bugs list <telepathy-bugs> |
| Status: | RESOLVED MOVED | QA Contact: | Telepathy bugs list <telepathy-bugs> |
| Severity: | enhancement | ||
| Priority: | medium | Keywords: | love |
| Version: | git master | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
|
Description
Simon McVittie
2013-11-06 13:00:54 UTC
Straw-man design:
Connection.Interface.Securable
property Encrypted : b, readable
If true, this connection is known to be encrypted to a reasonable
level. The definition of "reasonable" is intentionally left vague.
This can change from false to true, but if it would change
from true to false, connection managers SHOULD disconnect instead.
Change notification is via o.fd.DBus.Properties.PropertiesChanged.
property Authenticated : b, readable
True if this channel occurs over a connection that is
protected against tampering, and has been verified to be
with the desired destination: for instance, one where TLS
was previously negotiated, and the TLS certificate has
been verified against a configured certificate authority
or accepted by the user.
This can change from false to true, but if it would change
from true to false, connection managers SHOULD disconnect instead.
Change notification is via o.fd.DBus.Properties.PropertiesChanged.
property CipherSuiteID : u, readable
The numeric ID of the cipher suite from the IETF TLS Cipher Suite
registry, in the form (first byte * 256) + second byte.
For instance, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xC0, 0x09)
is denoted by 49161 (0xC009).
0 (TLS_NULL_WITH_NULL_NULL) means the connection
has no effective security. Connection managers MAY use this
cipher suite ID to represent known-weak cipher suites
not described in the TLS Cipher Suite registry.
The maximum 32-bit unsigned integer (4294967295) means the
connection manager cannot represent the cipher suite in terms
of the TLS Cipher Suite registry.
Change notification is via o.fd.DBus.Properties.PropertiesChanged.
enum {
Not_TLS = 0,
SSL_2 = 2*256,
SSL_3 = 3*256,
TLS_1_1 = 3*256 + 1,
TLS_1_1 = 3*256 + 2,
TLS_1_2 = 3*256 + 3,
} TLS_Version;
property TLSVersion : u (TLS_Version), readable
The SSL/TLS version in use, in the form (major byte * 256) +
minor byte, or 0 if the connection is not using SSL/TLS.
For instance, TLS 1.1 is 3*256 + 2 due to its use of { 3, 2 }
as the ProtocolVersion.
Change notification is via o.fd.DBus.Properties.PropertiesChanged.
property CertificateType : s
The type of the certificate used to authenticate the server,
e.g. "x509" or "pgp", as for TLSCertificate, or the empty
string if a certificate was not used.
Change notification is via o.fd.DBus.Properties.PropertiesChanged.
property CertificateChainData : aay (Certificate_Data[])
The certificate chain, as for TLSCertificate.
Change notification is via o.fd.DBus.Properties.PropertiesChanged.
Actually implementing this in Gabble will require some contortions: GNUTLS doesn't tell us the cipher suite, only separate values for the key exchange, cipher and MAC. We could maybe replace CipherSuiteID with separate properties, but I'm really keen to outsource this to something like the IETF TLS registry rather than maintaining enums in Telepathy.
If we port Wocky to GTLS (which we should really), we lose the ability to get this information at all, unless we enhance GTLS...
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/telepathy/telepathy-gabble/issues/268. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.