Presence and IntComm WG

[Neal McBurnett <>]

> [ACTION] (10/12) Candace and Neal will send out their notes from the
> October 5 Psi testing session ahead of the October 19 session.

Here are some notes, "just in time...".  They are very rough, but
should provide some good links, information and grist to work on.

I think we could help ourselves and others by helping update the psi
wiki at http://psi-im.org/wiki/

Cheers,

Neal McBurnett                 http://mcburnett.org/neal/
Signed and/or sealed mail encouraged.  GPG/PGP Keyid: 2C9EBA60

----

"XML Console" log is very handy (right click on your own id, and enable it)
"send message to group" (right click on group name) seems handy
 and seems that you can edit the To: line to change addressees

lots of features - can be confusing, but powerful

By default, doesn't pop up windows when folks try to add you or talk
to you - need to notice changes at bottom of "psi" window, and find
pulsing terminal icon next to users in question

things to test:
 file transfer
 end-to-end encryption
 using xml console to generate custom control messages (what would be useful?)
 logging (options/chat/delete chat window contents?)

options: 
 what is options/application/docklet?

 chat: raise chat window when received; tabbed mode; compact mode

 events: new headlines?  [msn alerts]

 groupchat: word highlighting
   colored nick highlighting - not working?

PSI does more SSL certificate verification than most xmpp clients, it
seems, and presents warning dialog boxes.

Notes on the certificate warning messages:

 The jabber.org certificate failed the authenticity test.
 Reason: invalid CA certificate
 How to configure new root CAs, e.g. cacert.org
   for cacert as root: get by hand or use 
http://affinix.com/~justin/cacert.xml
   for self-signed cert: use add_psi_cert.sh script (which won't chase
      for the appropriate self-signed root cert, which psi demands....)
    worked for self-signed cert at jabberwocky.net.isc.upenn.edu
    [what is plan for "native cert database" in linux?]
    prefer just putting new cert file in the directory

 gmail - must Modify Account/Connection/Ignore SSL Warnings and
         Allow Plaintext Login
    see http://forum.psi-im.org/thread/3512
    deal with gmail also - hostname does not match the one the
    certificate was issued to.  account: gmail.com in jabberid, but
    server is talk.google.com.  cert is for: talk google.com.  it
    would work if psi could do the STARTTLS mechanism over port 5222
    and see: http://forum.psi-im.org/thread/2632
     though I'm not convinced.  User does enter server name in config....

  see pages 1 and 2 of  
http://forum.psi-im.org/thread/2597,2;nocount;?unb893sess=f2137b54830e575db4482e88044687cf#postlisttop

  http://psi-im.org/wiki/SSL_Certificates_(QCA1)
   fix page to refer to cacert.xml file; note limitations of shell script;
        figure out why doesn't work to put root cert in rootcert.xml file;
        clarify it is a _subfolder_ of ~/.psi called certs

 [Get psi to include it and/or allow non-self-signed cert in certs dir....]
 or Account Setup->Modify->Connection->Ignore SSL warnings.

 manual addition: 
http://www.christophseibert.de/weblog/en/it/internet/instant-messaging/mac-psi-cacert.html

  http://article.gmane.org/gmane.network.jabber.admin/17613
  CA tests: To verify that you are allowed to use the domain you request the
  certificate for, it is enough to have access to the postmaster mail
  account of this domain. This access can be gotten by just
  registering a jabber account "postmaster" at amessage.
  http://mailman.jabber.org/pipermail/jadmin/2004-October/018669.html

  /usr/X11R6/share/psi/certs/rootcert.xml

  2004 cacert complaints [many of which may be misinterpretations or
  have changed since then??]:
  I don't see any place where they list the "reserved" accounts they
  accept for requests.
   when you try to add "example.com" to your account in CAcert, you'll
   be presented the following list of addresses with which you can
   prove ownership of the domain:
    root, hostmaster, postmaster, admin, webmaster. (all @example.com)

  halr9000 (Administrator) 08-15-2006, 21:49
  In a future version (possibly 0.11), this will be handled
  differently.  We will use the OS's native certificate store so no
  more hacking strange files.
  infiniti and polish certum ca  
    Even so, if they aren't in IE then I'm not going to add them.
    For now you'll have to manually add them to your Psi rootcerts if needed.

  http://forum.psi-im.org/thread/2597

   I saw this on the homepage of CAcert : 
https://www.cacert.org/index.php?id=3
   Anyone can help? Thanks
   edit : forget about that, I think I found what I need in this thread 
http://psi.affinix.com/forums/index.php?ac...0&hl=certificat
   edit2 : and the script there will be fullfil my dreams I think 
http://psi.affinix.com/forums/index.php?ac...7&hl=certificat

  http://www.cacert.org/help.php?id=2#notes

2006-09-13T14:16:49-0600 works with jabber.org, but error with google:
 "tls handshake error"