Re: gnome-keyring GcrSimpleCertificate



Note: I'm CC'ing this to the gnome-keyring mailing list, as it contains
discussion about decisions on trust storage.

For those just joining us: there are new libgcr APIs in the
trust-store branch for applications storing certificate trust exceptions
(for use with self-signed certificates etc.).

On 2010-09-18 12:32, Stef Walter wrote:
> On 2010-09-13 05:17, Cosimo Cecchi wrote:
>> Yes, it's basically that. The exception purpose would be "IM only" or
>> "Telepathy only" in our case, if I understand correctly.
>> It would be really handy for us to be able to do that within the
>> keyring, so if it's already possible, that's great.
> 
> I've done some work to implement this on the trust-store branch of
> gnome-keyring. In the gcr library there are functions like:
> 
> gcr_trust_get_certificate_exception()
> gcr_trust_set_certificate_exception()
> 
> I worked a bit more on it over the last few days, so it's good enough
> for you to take a look. It's not completely done, but should be by tomorrow.

Okay. I committed more fixes for this. Trust storage should be working
now on the trust-store branch. You can use the gnome-keyring tool to
play with it a bit.

So we need to choose a purpose for IM. Would it just be one purpose?
You can see the current purpose codes in gcr-trust.h. These are
the ones defined in various RFCs of X.509 ExtUsage and so on.

As far as I know there are no defined purposes for IM yet [1]. So we get
to choose our own. Would there just be one purpose like:

GCR_PURPOSE_INSTANT_MESSAGE

Or would there be multiple, something like:

GCR_PURPOSE_MESSAGE_VIDEO
GCR_PURPOSE_MESSAGE_VOICE
GCR_PURPOSE_MESSAGE_TEXT

The basic concept is if you would trust a certificate for only a certain
kind of instant message or chat. Or would that never be relevant?

Cheers,

Stef

[1] Or do you know of anyone else who has defined these before? They
would be in the form of OIDs similar to the ExtUsage certificate extension.

