KDE Cryptography Module
Thiago Macieira
thiago at kde.org
Wed May 23 23:40:09 BST 2007
Tom Albers wrote:
>Op wo 23 mei 2007 20:37 schreef u:
>> Mailody is using QSslSocket without any certificate store or policy
>> management. This is obviously not acceptable for a release.
>
>I store them in a database if the user wants that..
That's not the way it should be. Certificates should be global in KDE.
There should be a standardised window saying "here's a new certificate,
do you want to accept it"?
The CA list should be maintained at a central place.
Applications shouldn't deal with certificates at all. At most, we should
provide a UI for each application to choose a certificate and then record
that config.
>> somewhere in ksocketfactory.cpp because I thought "hey, that would be
>> nice". That feature is not documented so, technically, no one should
>> be using it. In fact, I plan to remove it, just to make sure that
>> QSslSocket doesn't get widespread use before we implement the rest of
>> the support it needs -- if we choose it at all.
>
>I'll switch to QSslSocket usage directly then.
No, that's the wrong approach.
When we bless one alternative in KDE, that's the *only* alternative that
will be allowed in KDE code. If we decide it's QSslSocket, it's that and
QCA::TLS or plain sockets are not allowed. Same if we decide to go for
QCA::TLS: at that point, QSslSocket is simply not allowed. I don't know
if supporting both is possible or even desireable.
It depends on how easy it is to merge the certificate store mechanism with
KSSL's current (and probably replace it). Then we start phasing out
KSSL's own backend.
Hopefully, by the second beta (July 25th), we'll have a preliminary API.
QCA developers: please come to aKademy so that we can discuss this
together and actually work on the code.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20070524/cfde0d94/attachment.sig>
More information about the kde-core-devel
mailing list