From ce6b6bc1f8662ff24ec44fb76e869394b3f64328 Mon Sep 17 00:00:00 2001 From: Cosimo Cecchi Date: Mon, 9 Aug 2010 12:27:09 +0200 Subject: Update to the merged spec. --- extensions/Authentication_TLS_Certificate.xml | 175 ++++++++++++++++++---- extensions/Channel_Type_Server_TLS_Connection.xml | 27 ++-- 2 files changed, 159 insertions(+), 43 deletions(-) (limited to 'extensions') diff --git a/extensions/Authentication_TLS_Certificate.xml b/extensions/Authentication_TLS_Certificate.xml index 1063d085f..56e378f4c 100644 --- a/extensions/Authentication_TLS_Certificate.xml +++ b/extensions/Authentication_TLS_Certificate.xml @@ -26,8 +26,17 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - - The raw data contained in a TLS certificate. + +

The raw data contained in a TLS certificate.

+ +

For X.509 certificates (CertificateType + = "x509"), this MUST be in DER format, as defined by the + X.690 + ITU standard.

+ +

For PGP certificates (CertificateType + = "pgp"), this MUST be a binary OpenPGP key as defined by section 11.1 + of RFC 4880.

 @@ -38,13 +47,13 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. object. - + - The certificate has no state associated with it. + The certificate is currently waiting to be accepted or rejected. - + The certificate has been verified. @@ -62,37 +71,38 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Possible reasons to reject a TLS certificate. - - - No reason specified. - - - - + The certificate has been rejected for another reason not listed in this enumeration. - + The certificate is not trusted. - + The certificate is expired. - + The certificate is not active yet. + + + The certificate provided does not have the expected + fingerprint. + + + The hostname certified does not match the provided one. @@ -111,9 +121,18 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - + + + The certificate uses an insecure cipher algorithm, or is + cryptographically weak. + + + + - The certificate uses an insecure cipher algorithm. + The length in bytes of the certificate, or the depth of the + certificate chain exceed the limits imposed by the crypto + library. @@ -124,7 +143,64 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. The current state of this certificate. State change notifications happen by means of the - StateChanged signal. + Accepted and + Rejected signals. + + + + + +

If the State is Rejected, + the reason why the certificate was rejected; this MAY correspond to + the RejectReason, or MAY be a more + specific D-Bus error name, perhaps implementation-specific.

+

If the State is not Rejected, + this property is not meaningful, and SHOULD be set to an empty + string.

+ + + + + +

If the State is Rejected, + additional information about why the certificate was rejected.

+

If the State is not Rejected, + this property is not meaningful and SHOULD be set to an empty + map.

+

The additional information MAY also include + one or more of the following well-known keys:

+
+
user-requested (b)
+
True if the error was due to an user-requested rejection of + the certificate; False if there was an unrecoverable error in the + verification process.
+
expected-hostname (s)
+
If the rejection reason is Hostname_Mismatch, the hostname that + the server certificate was expected to have.
+
certificate-hostname (s)
+
If the rejection reason is Hostname_Mismatch, the hostname of + the certificate that was presented. + +

For instance, if you try to connect to gmail.com but are presented + with a TLS certificate issued to evil.example.org, the error details + for Hostname_Mismatch MAY include:

+ 
+	      {
+	        'expected-hostname': 'gmail.com',
+	        'certificate-hostname': 'evil.example.org',
+	      }
+
+ +
+
debug-message (s)
+
Debugging information on the error, corresponding to the + message part of a D-Bus error message, which SHOULD NOT be + displayed to users under normal circumstances
+
@@ -132,7 +208,15 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. tp:type="TLS_Certificate_Reject_Reason" tp:name-for-bindings="Reject_Reason"> - The reason why this certificate has been rejected. + If the State is Rejected, the + reason why the certificate was rejected. + + Clients that do not understand the RejectError, + which may be implementation-specific, can use this property to + classify rejection reasons into common categories. + + Otherwise, this property is not meaningful, and SHOULD be set to + Unknown. @@ -140,29 +224,46 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. tp:name-for-bindings="Certificate_Type"> The type of this TLS certificate (e.g. 'x509' or 'pgp'). +

This property is immutable

 - - The RAW PEM-encoded trust chain of this TLS certificate. + +

One or more TLS certificates forming a trust chain, each encoded as + specified by Certificate_Data.

+

The first certificate in the chain MUST be the server certificate, + followed by the issuer's certificate, followed by the issuer's issuer + and so on.

 - + - The state of this TLS certificate has changed. + The State of this certificate has changed to Accepted. - + + + + + The State of this certificate has changed to Rejected. + + - The new state of the TLS certificate. + The new value of RejectReason. - + - The reason why the state of the TLS certificate changed. + The new value of RejectError. + + + + + The new value of RejectDetails @@ -170,19 +271,29 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Accepts this certificate, i.e. marks it as verified. - This method doesn't do anything on local certificates. - Rejects this certificate. This method doesn't do anything - on local certificates. + Rejects this certificate. - The reason why this certificate is being rejected. + The new value of RejectReason. + + + + + The new value of RejectError. + + + + + The new value of RejectDetails. diff --git a/extensions/Channel_Type_Server_TLS_Connection.xml b/extensions/Channel_Type_Server_TLS_Connection.xml index 47042731f..af11218a9 100644 --- a/extensions/Channel_Type_Server_TLS_Connection.xml +++ b/extensions/Channel_Type_Server_TLS_Connection.xml @@ -24,16 +24,20 @@ -

- A channel type that carries a TLS certificate between a server - and a client connecting to it.
- Channels of this kind are never requested, are anonymous, and SHOULD be - dispatched while the - Connection - owning it is in the CONNECTING state.

+

A channel type that carries a TLS certificate between a server + and a client connecting to it.

+

Channels of this kind always have Requested = False, + TargetHandleType + = None and TargetHandle + = 0, and cannot be requested with methods such as CreateChannel. + Also, they SHOULD be dispatched while the + Connection + owning them is in the CONNECTING state.

In this case, handlers SHOULD accept or reject the certificate, using - the relevant methods on the provided object, or MAY just close the channel before doing so, to fall + the relevant methods on the provided object, or MAY just Close the channel before doing so, to fall back to a non-interactive verification process done inside the CM.

For example, channels of this kind can pop up while a client is connecting to an XMPP server.

@@ -42,10 +46,11 @@ - A A TLSCertificate.DRAFT containing the certificate chain as sent by the server, - and other relevant information. + and other relevant information.

+

This property is immutable.

 -- cgit v1.2.3