Use case for per-protocol icons
caseyharkins at gmail.com
Sun Aug 5 17:51:18 EDT 2007
Ethan Blanton wrote:
>> I don't see any indication of encryption on my jabber accounts (that use
>> TLS). That said, I don't think this belongs in the buddy list. It would
>> belong in the chat window, if anywhere.
> I feel like a broken record on this issue, but it's one that people
> *need* to understand.
> Your TLS Jabber connections _should not_ show up as secure, because
> they are completely and utterly _insecure_ as far as Pidgin can know.
> All Jabber with TLS tells you is that the connection from your client
> to the server is encrypted, nothing more. Specifically, it does _not_
> tell you that a) the connection from the server to the buddy you are
> chatting with is encrypted, or b) even if a) holds, the server is not
> sending everything you say to a third party.
One more to add to the list is that there is no guarantee of
server-to-server TLS. So even if (a) and (b) above are true, the
communication between your server and your buddy's server could be
taking place without TLS.
More information about the Devel