Re: [Evolution-hackers] [evolution-kolab] using a TPM for SSL/TLS client certs, reloaded



On Tue, 2012-11-13 at 11:18 +0100, Christian Hilberg wrote:
> My question now (for documenting the status quo) is whether anyone
> is currently working on getting certificate-based client authentication
> utilizing a TPM flying in Evolution for OpenLDAP+GnuTLS at present
> or whether there are any plans to support this use case in the
> near future.

No one is working on it at the moment, and I don't see it being
supported in the near future without sufficient demand or external
contributors.

I can't speak for Milan, but for me it's more ignorance in this area
than objection or lack of interest.

I will say that I'd like to see Evolution (Camel in particular) stop
talking directly to NSS and defer certificate management to the various
security libraries and APIs in the GNOME platform -- p11-kit, libgck,
GTlsCertificate in libgio, etc.  We haven't even begun to utilize these
libraries yet (except perhaps through libsoup), and I sense there's a
lot of redundancy in our code that could be eliminated by doing so, not
to mention automatically gaining more consistent and probably improved
behavior.  But not yet being very familiar with these libraries, at
present I can only make hand-wavy motions in their general direction.

I'm hoping next year we can start taking real steps in that direction.

That's the best answer I can offer for now.  In the meantime, maybe
consider using a Virtual Private Network.  ;)

Matthew Barnes


