[jitsi-dev] Re: TLS Configuration Dialogs


#1

You mean it's ready?
That's awesome!!!!! Mucho cooool! :slight_smile:

I can authenticate against my local Kamailio with the configured certificates. So, yeah :slight_smile:

This is just the signalling part though ... right? Or does this also
include the SDES?

That is just logging in at a proxy/registrar with a TLS client certificate, nothing about voice encryption at all (yet, that's what I'm attacking next).

Also .. what's that thing with the smartcard there? Does it allow
reading a certificate from a card? How does it access it?

Yepp, it reads SmartCards (the selected entry SuisseID is actually a SmartCard too). You can supply the .dll/.so of your PKCS#11 interface as the keystore file. Java then accesses it through a JNI wrapper (already included with the JRE) as a regular KeyStore.

A few quick thoughts:

1. Empty option on the first image should probably have a name? E.g.
"regular authentication" or "don't use a certificate" or something like
that. An empty entry seems somewhat ambiguous to me.

Yepp, I'll create that.

2. There seems to be a problem with the transparency in the panel with
the trusted root certificates source (second image).

Right, I saw that earlier and thought it magically disappeared. But it's obviously just the crappy LCD in my notebook...
Guess I have to create a SIPCommRadioButton? Or is that thing already around somewhere?

3. I think we could add a bit more text here too. Rather than just
saying they could be used for account configuration (which I am afraid
may sound somewhat cryptic to many uses), you might want to give an
example. Something like "... you can use these certificates when
authenticating with your SIP server for example or securing your
communication with it". WDYT?

What about:
"The configurations managed here can be chosen as client TLS certificates in the account configurations (e.g. to authenticate with a certificate against your SIP provider instead of a username and password)."

Ingo