On 14/10/13 17:33, Ralf Skyper Kaiser wrote:

> I agree, 1 of the 7 Security features is already possible with pidgin
> but requires source code recompilation. That does not fly for most
> users (especially the windows users).

As far as I know, the Windows build is unable to use the system certificate store, so already uses one private to libpurple, but pre-populates it. You could simply clear it out. It is only on modern Linux systems where it is likely to share a certificate store, and those are the ones where compiling from source is likely to be easiest. (A packager could, fairly easily, point the certificate store at a symlink, which defaults to the system store, in those cases.)

It looks like Debian also uses a private directory for the certificates (/usr/share/purple/ca-certs/), and doesn't even install all that come with Pidgin.


> Pidgin should be secure by default or - if Pidgin insists that it has to
> be insecure by default - at least offer the user the possibility to use it
> securely. Without having to recompile from source (and cross platform).

You just have to look at the typical question on this list to realise that a secure-by-default Pidgin would be unusable to a large number of Pidgin users - if you cannot make a usable support request, you are unlikely to understand how to source and install certificates securely. There tend to be high support costs in making mass market software secure by default. (As I already noted, Windows seems to let almost every Tom, Dick or Harry act as a CA by default, because starting with only class 3 certificates would cause too many support problems.)

If anything, making it "secure by default", if it doesn't scare off new users completely, is likely to result in lots of cookbook solutions on how to get it to trust certificates without going through the proper processes to verify those certificates, thus teaching people bad security practices.

If Windows set all but class 3 CAs to disabled by default, I suspect the standard internet cookbook solution would be simply to go into the certificate manager and enable them, whenever you got blocked.

Whilst making the directory a run time parameter would, probably, be a small change, you would then have to lock down the configuration file.

Having to explicitly add trusted certificates won't fly with most end users.



_______________________________________________
Support@pidgin.im mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support
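As an added example for the exchange above (written for this page, not Pidgin or libpurple code, and not something either correspondent posted), the following Python script does the two things the thread discusses: it "clears out" a private CA directory such as libpurple's ca-certs/ down to an explicit allowlist, and it only installs a new CA after checking its SHA-256 fingerprint against a value pinned out of band. The store path, the allowlist and the certificate bytes are constructed assumptions; only the Debian path /usr/share/purple/ca-certs/ comes from the thread, and whether libpurple also reads a per-user CA directory is not asserted here.

```python
"""Curate a private CA directory to an explicit fingerprint allowlist.

Added example for the mailing-list discussion; not libpurple/Pidgin code.
Paths, the allowlist and the sample certificate bytes are constructed
assumptions (the real Debian directory is /usr/share/purple/ca-certs/)."""
import hashlib
import os
import shutil
import ssl
import tempfile

# Constructed stand-ins for DER certificate bodies. ssl.PEM_cert_to_DER_cert
# only strips the armour and base64-decodes, so the pinning logic below is
# identical for a real CA certificate; these bytes are NOT valid X.509.
SAMPLE_CA_DER = bytes(range(256))
OTHER_CA_DER = bytes(reversed(range(256)))
SAMPLE_CA_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_CA_DER)
OTHER_CA_PEM = ssl.DER_cert_to_PEM_cert(OTHER_CA_DER)


def fingerprint_pem(pem_text):
    """SHA-256 of the DER body as lower-case hex: what
    `openssl x509 -fingerprint -sha256` prints, minus the colons."""
    der = ssl.PEM_cert_to_DER_cert(pem_text)
    return hashlib.sha256(der).hexdigest()


def _normalise(fp):
    return fp.replace(":", "").lower()


def install_pinned(store_dir, name, pem_text, expected_fp):
    """Write a CA into the store only if its fingerprint matches a pin
    obtained out of band. Returns True on install; False on mismatch or
    unparsable input, in which case nothing is written."""
    try:
        actual = fingerprint_pem(pem_text)
    except ValueError:
        return False
    if actual != _normalise(expected_fp):
        return False
    os.makedirs(store_dir, exist_ok=True)
    with open(os.path.join(store_dir, name), "w") as fh:
        fh.write(pem_text)
    return True


def curate_store(store_dir, allowlist):
    """Keep only CAs whose fingerprint is in `allowlist`. Anything else is
    moved to a quarantine subdirectory rather than deleted, so a mistaken
    allowlist can be undone. Returns a report of what happened to each file."""
    allowed = {_normalise(fp) for fp in allowlist}
    quarantine = os.path.join(store_dir, "quarantine")
    report = {"kept": [], "quarantined": [], "unparsable": []}
    for entry in sorted(os.listdir(store_dir)):
        path = os.path.join(store_dir, entry)
        if not os.path.isfile(path):
            continue  # skips the quarantine directory itself
        with open(path) as fh:
            text = fh.read()
        try:
            fp = fingerprint_pem(text)
        except ValueError:
            # Not a single PEM certificate (bundle, README, junk): left in
            # place but flagged so the operator looks at it by hand.
            report["unparsable"].append(entry)
            continue
        if fp in allowed:
            report["kept"].append(entry)
        else:
            os.makedirs(quarantine, exist_ok=True)
            shutil.move(path, os.path.join(quarantine, entry))
            report["quarantined"].append(entry)
    return report


def new_store_dir():
    """Fresh empty directory standing in for a private ca-certs/ store."""
    return tempfile.mkdtemp(prefix="ca-certs-")


def demo():
    """Populate a store the way a packager would (several CAs plus a stray
    file), then cut it down to the one pinned CA. Returns the report."""
    store = new_store_dir()
    for name, pem in (("sample-ca.pem", SAMPLE_CA_PEM),
                      ("other-ca.pem", OTHER_CA_PEM)):
        with open(os.path.join(store, name), "w") as fh:
            fh.write(pem)
    with open(os.path.join(store, "README"), "w") as fh:
        fh.write("not a certificate\n")
    return curate_store(store, {fingerprint_pem(SAMPLE_CA_PEM)})


if __name__ == "__main__":
    print(demo())
```

The pin handed to install_pinned has to come from somewhere other than the certificate file itself (the CA's published fingerprint, a value checked with the operator of the server you talk to), otherwise the check is the cookbook shortcut the message above warns about. Quarantining instead of deleting keeps the change reversible, which matters when a pruned store stops a client from connecting and the user's first instinct is to put everything back.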