[reSIProcate] Security things to work on
Ok, here is a list of things that I would like as a birthday present:
The ability to take a simple UA, have it go to a credential server and get
it's public and private key when it starts up. Then make an encrypted
session with with another UA by going to a credential server, getting the
other UA's certificate and using S/MIME to talk to the UA.
The things I see we need to sort out to get this done are:
Add in support for Identity headers
Complete to code to compute Identity header
Complete code to check Identity header
Add support for cert and credential body types
Code to check that a received credential is signed correctly
Code to check when doing a PUBLISH of a credential that TLS connection is to
the correct host.
Do work in DUM to send a subscribe, get back body, and save in security
object
Have the security Object be able to be passed in certs and credentials and
cache them
have dum be able to send an IM encrypted and know it need to fetch the
credential first if it is not already available
Write some documentation on how to configure and use this stuff
Set up the code so a UA or Proxy can put in signed Identity headers
Make a trivial credential server that receives subscribes, reads results off
disk file and send them and instantly terminates the subscription.
To test all this, we probably needs a proxy that is capable of routing
SUBSCRIBES to the credential server
Write documentation on how to generate and install certificates
---------------
Would be nice but not needed stuff:
Figure out a reasonable way for the security to load/save domain and user
certificates and key to disk.
Get working with certs from cacert
Program to generate a credential and upload it to a credential server.
Move TuIM/limp to use DUM