Spark prompt for unsigned certificates?

Ben_Summer · June 4, 2008, 8:10pm

The question: If, when using openfire and spark, the certificates on openfire are unsigned, is there a way to make spark prompt for the user to trust/accept them? (like for example, the way iChat will on OSX)

I’m completely new to spark and openfire and I’m trying to find a good secure IM solution. However, I’m going to self-sign the certificates. I want to have the user see “something” about the server cert (fingerprint, etc) so they know they’re not involved in a Man-in-the-Middle attack.

Is this possible with Spark?

Thanks in advance,

Ben

Jay · June 5, 2008, 1:11pm

At the moment this is not possible, but its in an area Im working on improving for Spark.

Ben_Summer · June 5, 2008, 2:33pm

I see. Thanks.

I guess my follow-up question would be if/when you’re using Spark, how do you know your conversation is secure?

Jay · June 5, 2008, 2:38pm

At the moment Spark does no checking of the server certificate, so the answer is “you assume”, which is to say you cant be 100% certain. In trunk (unreleased as of yet) there are improvements that allow for PKI auth, which require proper validation of the peer certificate, but there is still no way to view the certificate from Spark.