KDE Cryptography Module

Thiago Macieira thiago at kde.org
Wed May 23 23:40:09 BST 2007

Tom Albers wrote:
>Op wo 23 mei 2007 20:37 schreef u:
>> Mailody is using QSslSocket without any certificate store or policy
>> management. This is obviously not acceptable for a release.
>I store them in a database if the user wants that..

That's not the way it should be. Certificates should be global in KDE. 
There should be a standardised window saying "here's a new certificate, 
do you want to accept it"?

The CA list should be maintained at a central place.

Applications shouldn't deal with certificates at all. At most, we should 
provide a UI for each application to choose a certificate and then record 
that config.

>> somewhere in ksocketfactory.cpp because I thought "hey, that would be
>> nice". That feature is not documented so, technically, no one should
>> be using it. In fact, I plan to remove it, just to make sure that
>> QSslSocket doesn't get widespread use before we implement the rest of
>> the support it needs -- if we choose it at all.
>I'll switch to QSslSocket usage directly then.

No, that's the wrong approach.

When we bless one alternative in KDE, that's the *only* alternative that 
will be allowed in KDE code. If we decide it's QSslSocket, it's that and 
QCA::TLS or plain sockets are not allowed. Same if we decide to go for 
QCA::TLS: at that point, QSslSocket is simply not allowed. I don't know 
if supporting both is possible or even desireable.

It depends on how easy it is to merge the certificate store mechanism with 
KSSL's current (and probably replace it). Then we start phasing out 
KSSL's own backend.

Hopefully, by the second beta (July 25th), we'll have a preliminary API.

QCA developers: please come to aKademy so that we can discuss this 
together and actually work on the code.

  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20070524/cfde0d94/attachment.sig>

More information about the kde-core-devel mailing list