SSL security concern
elb at pidgin.im
Mon Oct 14 12:41:22 EDT 2013
Ralf Skyper Kaiser spake unto us the following wisdom:
> I made a list of features under section 6.4 that would make pidgin secure.
> In summary:
So ... we already implement a large portion of this list, either
explicitly or implicitly. To wit:
> For Jitsi/Pidgin/Jabber this would mean:
> 1. Do not allow non-private chats
I don't know what this means.
> 2. Do not allow clear-text (non-SSL) connections
This is already available, as a per-account option. A global option
could be added, but that is not substantially more user-friendly or
secure in any practical sense.
> 3. Accept self-signed certificates but once accepted/stored do not allow
> certificate to change (even if new certificate is a Verisign signed
This is not something we currently support, but I generally think it's
a good idea across the board. I doubt we will implement it any time
soon, but I am pretty sure we would accept a well-written patch that
notified of certificate changes.
> 4. Feature to select CAfile storage location
This is already provided, as a compile-time option.
> 5. Force client to disable logging
This is not an "option", but can easily be achieved by marking
~/.purple/logs unwriteable by the user.
> 6. Inform server that user is using lockdown (so that server can reject
> all clients which do not).
This is not useful, as a client can readily lie.
> 7. Once lockdown option is enabled the user should not be able to change
> any of the above options until lockdown is disabled again (e.g. gray out
> the option). Disconnect when lockdown option changes and reconnect to all
I don't see what this buys. We're unlikely to implement it.
> The BIGGEST BANG FOR THE BUCK would be 4.: Allow the user to specific a
> different (and exclusive) CA location.
Again, we already support this, so I guess our buck is already bangin'.
> It is not a big change and would open up Pigdin to a much larger user base.
This is a disingenuous and misplaced statement. I assume you're
trying to bribe egos. However, a) Pidgin is already used by many
millions of users, b) the "much larger user base" is a small fraction
of those millions consisting of (for example) certain financial
companies, a small number of privacy-concerned tech-savvy individuals,
etc., and c) we don't care how many people use Pidgin, anyway. If you
can convince us something is a good idea, we'll either do it or accept
a patch for it. If you can't, we don't care if the Pope, the Dalai
Lama, and Captain Reynolds got together and asked for it.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 482 bytes
Desc: Digital signature
More information about the Support