From b5e5d4af88422f5afc0377bb20a0863520911837 Mon Sep 17 00:00:00 2001 From: Cosimo Cecchi Date: Wed, 11 Aug 2010 18:33:36 +0200 Subject: Update spec snapshot --- extensions/Authentication_TLS_Certificate.xml | 308 +++++++++++----------- extensions/Channel_Type_Server_TLS_Connection.xml | 26 +- 2 files changed, 173 insertions(+), 161 deletions(-) diff --git a/extensions/Authentication_TLS_Certificate.xml b/extensions/Authentication_TLS_Certificate.xml index 56e378f4c..709ea282c 100644 --- a/extensions/Authentication_TLS_Certificate.xml +++ b/extensions/Authentication_TLS_Certificate.xml @@ -18,285 +18,287 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + tp:causes-havoc="experimental"> + (draft 1) This object represents a TLS certificate. + type="ay"> -

The raw data contained in a TLS certificate.

+

The raw data contained in a TLS certificate.

-

For X.509 certificates (CertificateType - = "x509"), this MUST be in DER format, as defined by the - X.690 - ITU standard.

+

For X.509 certificates (CertificateType + = "x509"), this MUST be in DER format, as defined by the + X.690 + ITU standard.

-

For PGP certificates (CertificateType - = "pgp"), this MUST be a binary OpenPGP key as defined by section 11.1 - of RFC 4880.

+

For PGP certificates (CertificateType + = "pgp"), this MUST be a binary OpenPGP key as defined by section 11.1 + of RFC 4880.

- The possible states for a TLSCertificate.DRAFT - object. + The possible states for a TLSCertificate.DRAFT + object. - - The certificate is currently waiting to be accepted or rejected. - + + The certificate is currently waiting to be accepted or rejected. + - - The certificate has been verified. - + + The certificate has been verified. + - - The certificate has been rejected. - + + The certificate has been rejected. + - Possible reasons to reject a TLS certificate. + Possible reasons to reject a TLS certificate. - - The certificate has been rejected for another reason - not listed in this enumeration. - + + The certificate has been rejected for another reason + not listed in this enumeration. + - - The certificate is not trusted. - + + The certificate is not trusted. + - - The certificate is expired. - + + The certificate is expired. + - - The certificate is not active yet. - + + The certificate is not active yet. + - - The certificate provided does not have the expected - fingerprint. - + + The certificate provided does not have the expected + fingerprint. + - - The hostname certified does not match the provided one. - + + The hostname certified does not match the provided one. + - - The certificate is self-signed. - + + The certificate is self-signed. + - - The certificate has been revoked. - + + The certificate has been revoked. + - - The certificate uses an insecure cipher algorithm, or is - cryptographically weak. - + + The certificate uses an insecure cipher algorithm, or is + cryptographically weak. + - - The length in bytes of the certificate, or the depth of the - certificate chain exceed the limits imposed by the crypto - library. - + + The length in bytes of the certificate, or the depth of the + certificate chain exceed the limits imposed by the crypto + library. + + tp:type="TLS_Certificate_State" + tp:name-for-bindings="State"> - The current state of this certificate. 
- State change notifications happen by means of the - Accepted and - Rejected signals. + The current state of this certificate. + State change notifications happen by means of the + Accepted and + Rejected signals. + tp:type="DBus_Error_Name" + tp:name-for-bindings="Reject_Error"> -

If the State is Rejected, - the reason why the certificate was rejected; this MAY correspond to - the RejectReason, or MAY be a more - specific D-Bus error name, perhaps implementation-specific.

-

If the State is not Rejected, - this property is not meaningful, and SHOULD be set to an empty - string.

+

If the State is Rejected, + the reason why the certificate was rejected; this MAY correspond to + the RejectReason, or MAY be a more + specific D-Bus error name, perhaps implementation-specific.

+

If the State is not Rejected, + this property is not meaningful, and SHOULD be set to an empty + string.

+ tp:type="String_Variant_Map" + tp:name-for-bindings="Reject_Details"> -

If the State is Rejected, - additional information about why the certificate was rejected.

-

If the State is not Rejected, - this property is not meaningful and SHOULD be set to an empty - map.

-

The additional information MAY also include - one or more of the following well-known keys:

-
-
user-requested (b)
-
True if the error was due to an user-requested rejection of - the certificate; False if there was an unrecoverable error in the - verification process.
-
expected-hostname (s)
-
If the rejection reason is Hostname_Mismatch, the hostname that - the server certificate was expected to have.
-
certificate-hostname (s)
-
If the rejection reason is Hostname_Mismatch, the hostname of - the certificate that was presented. - -

For instance, if you try to connect to gmail.com but are presented - with a TLS certificate issued to evil.example.org, the error details - for Hostname_Mismatch MAY include:

-
-	      {
-	        'expected-hostname': 'gmail.com',
-	        'certificate-hostname': 'evil.example.org',
-	      }
-	    
-
-
+

If the State is Rejected, + additional information about why the certificate was rejected.

+

If the State is not Rejected, + this property is not meaningful and SHOULD be set to an empty + map.

+

The additional information MAY also include + one or more of the following well-known keys:

+
+
user-requested (b)
+
True if the error was due to an user-requested rejection of + the certificate; False if there was an unrecoverable error in the + verification process.
+
expected-hostname (s)
+
If the rejection reason is Hostname_Mismatch, the hostname that + the server certificate was expected to have.
+
certificate-hostname (s)
+
If the rejection reason is Hostname_Mismatch, the hostname of + the certificate that was presented. + +

For instance, if you try to connect to gmail.com but are presented + with a TLS certificate issued to evil.example.org, the error details + for Hostname_Mismatch MAY include:

+
+              {
+                'expected-hostname': 'gmail.com',
+                'certificate-hostname': 'evil.example.org',
+              }
+            
+
+
debug-message (s)
Debugging information on the error, corresponding to the message part of a D-Bus error message, which SHOULD NOT be displayed to users under normal circumstances
-
+
+ tp:type="TLS_Certificate_Reject_Reason" + tp:name-for-bindings="Reject_Reason"> - If the State is Rejected, the - reason why the certificate was rejected. - - Clients that do not understand the RejectError, - which may be implementation-specific, can use this property to - classify rejection reasons into common categories. - - Otherwise, this property is not meaningful, and SHOULD be set to - Unknown. + If the State is Rejected, the + reason why the certificate was rejected. + + Clients that do not understand the RejectError, + which may be implementation-specific, can use this property to + classify rejection reasons into common categories. + + Otherwise, this property is not meaningful, and SHOULD be set to + Unknown. + tp:name-for-bindings="Certificate_Type"> - The type of this TLS certificate (e.g. 'x509' or 'pgp'). -

This property is immutable

+ The type of this TLS certificate (e.g. 'x509' or 'pgp'). +

This property is immutable

+ tp:type="Certificate_Data[]" tp:name-for-bindings="Certificate_Chain_Data"> -

One or more TLS certificates forming a trust chain, each encoded as - specified by Certificate_Data.

-

The first certificate in the chain MUST be the server certificate, - followed by the issuer's certificate, followed by the issuer's issuer - and so on.

+

One or more TLS certificates forming a trust chain, each encoded as + specified by Certificate_Data.

+

The first certificate in the chain MUST be the server certificate, + followed by the issuer's certificate, followed by the issuer's issuer + and so on.

+ tp:name-for-bindings="Accepted"> - The State of this certificate has changed to Accepted. + The State of this certificate has changed to Accepted. + tp:name-for-bindings="Rejected"> - The State of this certificate has changed to Rejected. + The State of this certificate has changed to Rejected. - - The new value of RejectReason. - + + The new value of RejectReason. + - - The new value of RejectError. - + + The new value of RejectError. + - - The new value of RejectDetails - + + The new value of RejectDetails + - Accepts this certificate, i.e. marks it as verified. + Accepts this certificate, i.e. marks it as verified. - Rejects this certificate. + Rejects this certificate. - - The new value of RejectReason. - + tp:type="TLS_Certificate_Reject_Reason"> + + The new value of RejectReason. + - - The new value of RejectError. - + tp:type="DBus_Error_Name"> + + The new value of RejectError. + - - The new value of RejectDetails. - + tp:type="String_Variant_Map"> + + The new value of RejectDetails. +
+ diff --git a/extensions/Channel_Type_Server_TLS_Connection.xml b/extensions/Channel_Type_Server_TLS_Connection.xml index af11218a9..977002f95 100644 --- a/extensions/Channel_Type_Server_TLS_Connection.xml +++ b/extensions/Channel_Type_Server_TLS_Connection.xml @@ -19,7 +19,8 @@ + tp:causes-havoc="experimental"> + (draft 1) @@ -44,16 +45,25 @@ + tp:name-for-bindings="ServerCertificate"> -

A TLSCertificate.DRAFT - containing the certificate chain as sent by the server, - and other relevant information.

-

This property is immutable.

+

A TLSCertificate.DRAFT + containing the certificate chain as sent by the server, + and other relevant information.

+

This property is immutable.

+
+
+ + + + The hostname of the server we expect ServerCertificate + to certify; clients SHOULD verify ServerCertificate against + this hostname when checking its validity.
- + -- cgit v1.2.3
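Review bot: In extensions/Authentication_TLS_Certificate.xml, the Accept and Reject method descriptions ("Accepts this certificate, i.e. marks it as verified." and "Rejects this certificate.") state no precondition on State, so the spec leaves open whether a certificate that has already been accepted or rejected can be flipped by a later call. Suggest stating that both methods are valid only while the certificate is still waiting to be accepted or rejected, and naming the error returned otherwise. Separately, almost all of this hunk is re-indentation; the only non-whitespace changes visible are the added tp:causes-havoc="experimental" attribute and the "(draft 1)" marker, which would be easier to review as their own commit. Two wording nits in the re-indented text: "an user-requested" should be "a user-requested", and "the depth of the certificate chain exceed the limits" should read "exceeds".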
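Review bot: In the last hunk of extensions/Channel_Type_Server_TLS_Connection.xml, the new hostname property ("clients SHOULD verify ServerCertificate against this hostname when checking its validity") does not say where the hostname value comes from. If an implementation is allowed to fill it from a name-resolution result rather than from the name the user configured, verifying the certificate against it gives no assurance; suggest stating the source explicitly. A hostname mismatch is already a listed rejection reason in the certificate interface, so consider whether SHOULD ought to be MUST here. The ServerCertificate description in the same hunk ends with "This property is immutable." and the new property has no equivalent sentence; add one if it applies.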