TLS Handler and stable release

David Edmundson david at davidedmundson.co.uk
Fri Feb 8 15:22:00 UTC 2013


On Fri, Feb 8, 2013 at 3:11 PM, Daniele E. Domenichelli <
daniele.domenichelli at gmail.com> wrote:

> On 08/02/13 16:04, David Edmundson wrote:
> >
> >     The lack of a TLS handler in 0.5 is in my opinion a quite big security
> >     bug, because in order to connect to a server with a self signed or
> >     expired certificate you have to disable ssl error checks, and therefore
> >     user is completely unprotected from man in the middle and similar
> >     attacks.
> >
> >
> > This is *not true*.
> >
> > If we don't have a handler MC checks the certificate itself. If it's
> > valid it goes through, if it's invalid the channel is rejected.
> >
> > The problems are:
> >  - it uses the system certs, not KDE cert rules
> >  - If it's wrong we can't prompt the user.
> >
> > To test this, simply connect to a local prosody server without ticking
> > "ignore ssl errors", it blocks the connection
>
>
> Sorry, what I mean is that _if you check the "ignore ssl errors" checkbox_
> then you are unprotected from attacks, we shouldn't probably even have
> that checkbox...
>

That part is true :)

At least at that point the user's made a consensual decision.
How much is that a problem in real life? I only have to do that on my local
prosody server, which isn't a real life problem.
It can also be worked round by copying the correct cert into the system
certificate folder manually.

I'd also be ok with removing the ignore-ssl-errors option in 0.6.


>
>
> Daniele
>
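
The workaround mentioned in the message above (trusting the server's own certificate rather than ticking "ignore ssl errors") can be checked with the openssl command line. This is an added example, not part of the original thread or of KDE Telepathy; the certificates are constructed throwaway ones and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: all certificates here are constructed, short-lived test certs.
work=$(mktemp -d)

# make_cert NAME: write a self-signed cert for CN=localhost to $work/NAME.pem
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# verify_default CERT: succeeds only if CERT chains to the system default store
verify_default() {
  openssl verify "$1" >/dev/null 2>&1
}

# verify_with_anchor ANCHOR CERT: succeeds if CERT verifies once ANCHOR is trusted
# (the equivalent of copying ANCHOR into the system certificate folder)
verify_with_anchor() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report LABEL CMD...: print whether one check accepts or rejects
report() {
  label=$1; shift
  if "$@"; then echo "$label: accepted"; else echo "$label: rejected"; fi
}

make_cert server     # stands in for the local prosody server's certificate
make_cert impostor   # same subject name, different key, as a MITM would present

report "server, default store"  verify_default "$work/server.pem"
report "server, cert trusted"   verify_with_anchor "$work/server.pem" "$work/server.pem"
report "impostor, cert trusted" verify_with_anchor "$work/server.pem" "$work/impostor.pem"
# With certificate checks disabled, both certificates above would be accepted.
```

Trusting the one known certificate keeps rejection of any other certificate for the same name, which disabling the checks does not.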