You are here

SSL certificates support

Hi,

Two questions regarding security in Coccinella:

1/ Is there any plan for client-to-server authentication using SSL certificates ? I mean that the user would be able to provide is own SSL certificate (either file based or through windows certificate store, or keychain on OS X, os similar certificate store under Linux)?

2/ Is there any plan for client-to-client encryption using certificates (same as above, either using a certificate stored in the system, or a in the filesystem)?

Best regards,
Nicolas.

Forum: 

1/ Is there any plan for client-to-server authentication using SSL certificates ?

I just added Bug #240603:Client certificates which is mostly a copy of an email of only a month ago ;-)

2/ Is there any plan for client-to-client encryption using certificates?

No, but it could become possible in the far future. Currently this is not possible as there is no easy way (AFAIK) to do this in a standard way. The current methods are too hard for the end user and we don't want to add features to Coccinella that make it more complicated.

Good news thanks.

For point 2 I was thinking about using SMIME to encrypt messages. I think iChat provides this feature.

Good news thanks.

I t does not mean the feature will be there soon.

For point 2 I was thinking about using SMIME to encrypt messages. I think iChat provides this feature.

It needs to be in a XEP: http://www.xmpp.org/extensions/

Don't know to what extents XEP are differents from RFC, but there is an RFC which defines:

End-to-End Signing and Object Encryption for the
Extensible Messaging and Presence Protocol (XMPP)

http://tools.ietf.org/html/rfc3923

That seems to be only a proposed standard. I'll ask the author.