Use case for per-protocol icons

Casey Harkins caseyharkins at gmail.com
Sun Aug 5 17:51:18 EDT 2007


Ethan Blanton wrote:
>> I don't see any indication of encryption on my jabber accounts (that use 
>> TLS). That said, I don't think this belongs in the buddy list. It would 
>> belong in the chat window, if anywhere.
> 
> I feel like a broken record on this issue, but it's one that people
> *need* to understand.
> 
> Your TLS Jabber connections _should not_ show up as secure, because
> they are completely and utterly _insecure_ as far as Pidgin can know.
> All Jabber with TLS tells you is that the connection from your client
> to the server is encrypted, nothing more.  Specifically, it does _not_
> tell you that a) the connection from the server to the buddy you are
> chatting with is encrypted, or b) even if a) holds, the server is not
> sending everything you say to a third party.


One more to add to the list is that there is no guarantee of 
server-to-server TLS. So even if (a) and (b) above are true, the 
communication between your server and your buddy's server could be 
taking place without TLS.

-casey




More information about the Devel mailing list