SSL security concern

Ethan Blanton elb at pidgin.im
Mon Oct 14 12:41:22 EDT 2013


Ralf Skyper Kaiser spake unto us the following wisdom:
> I made a list of features under section 6.4 that would make pidgin secure.
> In summary:

So ... we already implement a large portion of this list, either
explicitly or implicitly.  To wit:

> For Jitsi/Pidgin/Jabber this would mean:
> 
>    1. Do not allow non-private chats

I don't know what this means.

>    2. Do not allow clear-text (non-SSL) connections

This is already available, as a per-account option.  A global option
could be added, but that is not substantially more user-friendly or
secure in any practical sense.

>    3. Accept self-signed certificates but once accepted/stored do not allow
>    certificate to change (even if new certificate is a Verisign signed
>    certificate).

This is not something we currently support, but I generally think it's
a good idea across the board.  I doubt we will implement it any time
soon, but I am pretty sure we would accept a well-written patch that
notified of certificate changes.

>    4. Feature to select CAfile storage location

This is already provided, as a compile-time option.

>    5. Force client to disable logging

This is not an "option", but can easily be achieved by marking
~/.purple/logs unwritable by the user.

>    6. Inform server that user is using lockdown (so that server can reject
>    all clients which do not).

This is not useful, as a client can readily lie.

>    7. Once lockdown option is enabled the user should not be able to change
>    any of the above options until lockdown is disabled again (e.g. gray out
>    the option). Disconnect when lockdown option changes and reconnect to all
>    servers.

I don't see what this buys.  We're unlikely to implement it.

> 
> The BIGGEST BANG FOR THE BUCK would be 4.: Allow the user to specify a
> different (and exclusive) CA location.

Again, we already support this, so I guess our buck is already bangin'.

> It is not a big change and would open up Pidgin to a much larger user base.

This is a disingenuous and misplaced statement.  I assume you're
trying to bribe egos.  However, a) Pidgin is already used by many
millions of users, b) the "much larger user base" is a small fraction
of those millions consisting of (for example) certain financial
companies, a small number of privacy-concerned tech-savvy individuals,
etc., and c) we don't care how many people use Pidgin, anyway.  If you
can convince us something is a good idea, we'll either do it or accept
a patch for it.  If you can't, we don't care if the Pope, the Dalai
Lama, and Captain Reynolds got together and asked for it.

Ethan
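Item 3 of the quoted list, as Ethan reads it, is a trust-on-first-use (TOFU) pin store: remember the certificate a host presented the first time, and flag any later connection where the certificate differs, even if the new one chains to a public CA. The following is an added illustration of that check in Python; it is not libpurple or Pidgin code and does not describe how Pidgin handles certificates. The host name, the "certificate" byte strings and the `PinStore` / `check_certificate` / `accept_change` names are all constructed for the example; a real client would feed it the DER bytes from `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
"""Trust-on-first-use certificate pinning, as an added example.

Not Pidgin/libpurple code.  Pins are keyed by host and hold the SHA-256
of the peer's DER certificate.  A changed certificate is reported as
"changed" no matter who signed the new one; only an explicit user action
(accept_change) replaces the stored pin.
"""
import hashlib
import json
import tempfile
from pathlib import Path


class PinStore:
    """Host -> certificate fingerprint map, optionally persisted to a JSON file."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.pins = {}
        if self.path is not None and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def save(self):
        if self.path is not None:
            self.path.write_text(json.dumps(self.pins, indent=2, sort_keys=True))


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 hex digest of the raw DER certificate bytes."""
    return hashlib.sha256(cert_der).hexdigest()


def check_certificate(store: PinStore, host: str, cert_der: bytes) -> str:
    """Return "first-use", "match" or "changed" for this host/certificate pair.

    "first-use" stores the pin; "changed" stores nothing, so the caller can
    refuse the connection or ask the user before calling accept_change().
    """
    fp = fingerprint(cert_der)
    known = store.pins.get(host)
    if known is None:
        store.pins[host] = fp
        store.save()
        return "first-use"
    return "match" if known == fp else "changed"


def accept_change(store: PinStore, host: str, cert_der: bytes) -> None:
    """Explicit user-approved rotation: overwrite the pin for host."""
    store.pins[host] = fingerprint(cert_der)
    store.save()


def demo() -> list:
    """Walk one host through first use, a repeat, and a certificate change."""
    # Constructed stand-ins for DER certificate bytes (not real certificates).
    self_signed = b"constructed-der-bytes: jabber.example self-signed"
    ca_signed = b"constructed-der-bytes: jabber.example CA-signed replacement"
    store = PinStore()  # in-memory only
    return [
        check_certificate(store, "jabber.example", self_signed),  # "first-use"
        check_certificate(store, "jabber.example", self_signed),  # "match"
        check_certificate(store, "jabber.example", ca_signed),    # "changed"
    ]


def demo_persistence() -> str:
    """Show that a pin written by one PinStore is honoured by a fresh one."""
    cert = b"constructed-der-bytes: persisted host"
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "pins.json"
        check_certificate(PinStore(path), "persist.example", cert)
        # A new store loaded from disk must still recognise the certificate.
        return check_certificate(PinStore(path), "persist.example", cert)


if __name__ == "__main__":
    print(demo())            # ['first-use', 'match', 'changed']
    print(demo_persistence())  # 'match'
```

The point of returning "changed" rather than raising is that the policy decision (hard-fail, warn, or prompt) belongs to the client, and the stored pin is only ever replaced through `accept_change`, so a CA-signed certificate appearing after a self-signed one is treated as a change to be reviewed, exactly as item 3 asks.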