mirror of
https://github.com/ChronosX88/psyced.git
synced 2024-12-05 00:22:19 +00:00
CHANGESTODO: how to handle privacy of native psyc clients
This commit is contained in:
parent
6627827c56
commit
4b7ead3d37
19
CHANGESTODO
19
CHANGESTODO
@ -1570,6 +1570,23 @@ ________________________________________________________________________
|
||||
(later people called this technique 'CERTIFICATE PINNING')
|
||||
|
||||
== PSYC CLIENTS ========================================================
|
||||
|
||||
- PSYC clients are currently not detected as being secure even if they
|
||||
connect by Tor, TLS or localhost. This is because the net/psyc/user object
|
||||
as such isn't connected and the attempt to find the corresponding circuit
|
||||
opens up the question: what if the user has several clients linked? Does
|
||||
a secure one qualify for the entire user object to be trustworthy? What if
|
||||
there is another client that isn't secure? Possible approach to solve the
|
||||
issue: Disallow any password-protected user to be logged in over insecure
|
||||
channels at any time. This is probably a good idea anyway as it respects
|
||||
the civil rights of *other* users that interact with this user in the
|
||||
expectation that conversations be private. This has the side effect that
|
||||
PSYC users are forced to register before entering @welcome, unless we also
|
||||
do the refactoring described in MULTIPLE CLIENT INTERFACES and somehow fix
|
||||
that aspect in the process. Or we just walk through all the links and make
|
||||
sure all of them are secure, but that raises the problem of dealing with a
|
||||
new insecure client connecting.
|
||||
|
||||
- tg runs into trouble using _do_enter and _do_leave. apparently the enter-echo
|
||||
is not accepted by the UNI and thus does not make it into _list_places
|
||||
- _do_leave does not forward the echo from remote places back to the client
|
||||
@ -1582,8 +1599,6 @@ ________________________________________________________________________
|
||||
? psyc clients haben uferlose idle times
|
||||
und sie altern nicht
|
||||
|
||||
? cryptochat raum?
|
||||
|
||||
? how to improve _request_store and _retrieve?
|
||||
look at http://asg.web.cmu.edu/acap/ for ideas
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user