@dschuermann @brb-at I’m not talking about a cert management app “just for DAVdroid” but for all apps that want to allow self-signed certificates without importing them to the key store.
My opinion is that (custom) certificate management is a very delicate software part because it’s security-related. Any mistake can render the whole encryption useless, and repeated public code review and testing is needed. So, I don’t like the idea that every app contains its own certificate management, all in different versions and flavours, some never updated and with security-relevant issues that have been fixed in the library’s master tree for a long time. People also won’t review the certificate management code of the apps because they’re interested in the core functionality.
Also, I don’t consider MemorizingTrustManager in its current version as a “library” because I only see some files that I can merge into DAVdroid. That’s nice and I appreciate the work, but there’s too little task separation for me. I can’t update the trust manager lib just by replacing a .jar file or something like that – that would be the minimum if it’s not a standalone application whose service I can call.
I’d also like to hear your opinion about these points:
- What if the user doesn’t trust the default CAs shipping with Android? I’m quite sure some dubious default CA might issue a certificate for the NSA if they get paid for it. So a custom certificate management solution should also provide a way to let the user decide about EVERY certificate, even if it is issued by a “trusted” CA. (Disabling every single default CA in the trust store is quite cumbersome.)
- Certificate pinning would also be a nice thing because it would allow users to be notified when another certificate is used and to decide if that’s OK. That may be because the user doesn’t trust the installed CAs but may also be relevant in other cases (for instance, if the user’s company has a CA and only a server cert has changed [because for instance, an admin from another department you don’t trust has taken over the DNS]).
These features could be provided if a cert management app provided a verification service that can be called not only by DAVdroid but by all apps which need this functionality (Owncloud apps, CalDAV Adapter etc.). This app could have a Settings screen where the user can select whether to trust default CAs.
In case such a service makes sense, I’d contact the author(s) of MemorizingTrustManager and ask them about their opinion. Maybe they can create the app with the service, and DAVdroid and the other apps could call it (if available, else use the default Android handling). In this case, updating the TrustManager would also be outsourced.
Of course, I’d like to get this thing done with as little work as required – but I fear that this issue just can’t be done with little work.
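The trust decisions sketched in the comment above (let the user decide about every certificate, pin the certificate seen for a host and notify on change, and a setting for whether the default CAs are trusted at all) can be written down as one small policy. The following is an added illustration and is not code from DAVdroid, MemorizingTrustManager or the comment’s author; the `TrustPolicy` class, its `decide` method and the return labels are assumptions made here, and the two “certificates” are constructed byte strings standing in for DER-encoded certificates (on Android you would pass `X509Certificate.getEncoded()`). It uses Python rather than Android Java so that it runs stand-alone.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
# Only their bytes matter here, because the policy pins on the SHA-256 of the DER.
SERVER_CERT_V1 = b"\x30\x82\x01\x0a" + b"constructed-test-cert-v1"
SERVER_CERT_V2 = b"\x30\x82\x01\x0a" + b"constructed-test-cert-v2"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form Android and OpenSSL display."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def deny_all(host: str, new_fp: str, old_fp: Optional[str]) -> bool:
    """Default user callback: a non-interactive caller trusts nothing automatically."""
    return False


@dataclass
class TrustPolicy:
    """Hypothetical per-host trust policy (assumed design, not a real library API).

    trust_default_cas: the 'trust default CAs' switch from the proposed Settings screen.
    pins:              host -> fingerprint of the certificate the user last accepted.
    ask_user:          callback (host, new_fp, old_fp) -> bool; old_fp is None on first contact.
    """
    trust_default_cas: bool = True
    pins: Dict[str, str] = field(default_factory=dict)
    ask_user: Callable[[str, str, Optional[str]], bool] = deny_all

    def decide(self, host: str, der: bytes, valid_under_default_cas: bool) -> str:
        """Return a label describing the decision; raise nothing, the caller maps labels to errors."""
        fp = fingerprint(der)
        pinned = self.pins.get(host)

        if pinned is not None:
            if pinned == fp:
                return "accepted-pinned"
            # The certificate changed since it was pinned. Even a valid CA chain does not
            # silence this: the user asked to be told when another certificate shows up.
            if self.ask_user(host, fp, pinned):
                self.pins[host] = fp
                return "accepted-changed"
            return "rejected-changed"

        if self.trust_default_cas and valid_under_default_cas:
            # Design choice: pin on first successful CA-validated contact so that a later
            # certificate change is noticed even though the new one would also validate.
            self.pins[host] = fp
            return "accepted-ca"

        # Either default CAs are distrusted or the chain did not validate: every
        # certificate is put to the user, as the comment asks for.
        if self.ask_user(host, fp, None):
            self.pins[host] = fp
            return "accepted-user"
        return "rejected"


if __name__ == "__main__":
    policy = TrustPolicy(trust_default_cas=True)
    print(policy.decide("dav.example.org", SERVER_CERT_V1, valid_under_default_cas=True))
    print(policy.decide("dav.example.org", SERVER_CERT_V1, valid_under_default_cas=True))
    print(policy.decide("dav.example.org", SERVER_CERT_V2, valid_under_default_cas=True))
```

`valid_under_default_cas` is whatever the platform’s default `X509TrustManager` says about the chain; the policy deliberately does not re-implement path validation, it only decides what to do with that verdict plus the pin store. A real service would persist `pins` and would have to make `ask_user` survive the fact that TLS handshakes run on a network thread while the prompt runs in the UI.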