From vetetix.3dxo7b at no-mx.jabberforum.org Sun Aug 10 10:31:14 2008
From: vetetix.3dxo7b at no-mx.jabberforum.org (vetetix)
Date: Sun, 10 Aug 2008 17:31:14 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
Message-ID:

Hi everyone,

I've encountered many people saying that XMPP was better than SMTP for spam prevention, but I can't figure out how. I tried to find the reason why this is by myself, and I've tried to find an explanation through several Google searches, but I couldn't find any sufficient explanation, so I'm asking here.

The argument that I've seen quite often is that with XMPP you can specify client side that you don't want to receive messages from unknown people, thus blocking most of the spam. The problem with this is that it blocks messages from any of your friends who aren't in your roster. Also, it forces you to add a contact in your roster if some service is likely to send you a message (which will be the case if XMPP is widely used for email one day). Finally, some mail providers have the option to block emails from unknown senders, so there is no advantage in using XMPP there, as it is a client side option in both cases.

Is there another specification of the XMPP protocol that makes it more resistant to spam? I would be thinking of some sort of verification of the sender's identity, either by accepting only messages coming in a secure s2s channel, using a security certificate (not a self-signed certificate, a real one), or by verifying that the IP that sent a "from:foo at bar.com" message really is "bar.com". I don't see how XMPP could be more secure than SMTP regarding spam prevention without one of these two features, but I couldn't find anywhere on the net someone saying that it was the case.
--
Thomas Arnoux -- vetetix
------------------------------------------------------------------------
vetetix's Profile: http://www.jabberforum.org/member.php?userid=17171
View this thread: http://www.jabberforum.org/showthread.php?t=564

From Lastwebpage.3dxvxn at no-mx.jabberforum.org Sun Aug 10 13:18:52 2008
From: Lastwebpage.3dxvxn at no-mx.jabberforum.org (Lastwebpage)
Date: Sun, 10 Aug 2008 20:18:52 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
References:
Message-ID:

What about http://www.xmpp.org/extensions/xep-0159.html ?

--
Lastwebpage
------------------------------------------------------------------------
Lastwebpage's Profile: http://www.jabberforum.org/member.php?userid=41
View this thread: http://www.jabberforum.org/showthread.php?t=564

From kevin at kismith.co.uk Sun Aug 10 15:18:37 2008
From: kevin at kismith.co.uk (Kevin Smith)
Date: Sun, 10 Aug 2008 21:18:37 +0100
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To:
References:
Message-ID:

On Sun, Aug 10, 2008 at 4:31 PM, vetetix wrote:
> I would be thinking of some sort of verification of
> the sender's identity, either by accepting only messages coming in a
> secure s2s channel, using a security certificate (not a self-signed
> certificate, a real one), or by verifying that the ip that sent an
> "from:foo at bar.com" message really is "bar.com".

Right, the sending server's identity is assured - see RFC3920 for the details.

/K

From stpeter at stpeter.im Sun Aug 10 22:01:32 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Sun, 10 Aug 2008 21:01:32 -0600
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To:
References:
Message-ID: <489FAB8C.5020102@stpeter.im>

vetetix wrote:
> I've encountered many people saying that XMPP was better than SMTP for
> spam prevention, but I can't figure out how.
> I tried to find the reason
> why this is by myself, and I've tried to find an explanation through
> several Google searches, but I couldn't find any sufficient explanation,
> so I'm asking here.

I'll have to write a paper about this sometime, but here are some points to consider:

1. In XMPP, the sender's address is not asserted by the sender's client but instead is stamped by the sender's server. So a client can't fake the "from" address. (Naturally if you run the server you could fake addresses at your domain, so as the admin of jabber.org I could send messages from any address at jabber.org -- but I can't fake messages from other domains, see #2.)

2. In XMPP, servers check each other's identities, either through a DNS-based "dialback" protocol (RFC 3920 / XEP-0220) or real server certificates. So if I run a server at jabber.org I can't send messages putatively "from" microsoft.com or whitehouse.gov or whatever. (Also we don't have multi-hop routing, so modifications to the addresses can't happen between the sending server and receiving server.)

3. So far, server dialback has been sufficient to prevent most address spoofing on the network, but we have a certificate authority in place (visit https://www.xmpp.net/ for details) and we could fairly easily upgrade the network to certificate-based authentication between servers if needed.

4. XMPP is pure XML, and attackers can't easily attach malware like scripts and viruses to Jabber messages. This helps us avoid the unholy alliance between virus writers and spammers that has occurred on the email network.

5. A great deal of email spam (or spam+malware) is directed against a single platform: Outlook running on Windows. In the XMPP world we have a much more diverse software ecosystem.

6. In IM systems, people are accustomed to sharing presence / adding someone to their buddy list. There's less of a culture of "I must be able to accept messages from anyone in the world" as in email.
You can say this is good or bad, but that's how it is -- so if someone bothers you, you can delete them from your friend list or block them at the server side (see RFC 3921 / XEP-0016) or the client side.

7. All XMPP server codebases have rate limiting in place to prevent a single client from sending a large number of messages (especially a large number of large messages) in a short period of time.

8. Although we have not seen very much one-to-one spam on the Jabber network (our biggest problem so far is abusive behavior in groupchat rooms), we are actively planning for the arrival of spam and have designed some spam-fighting measures such as challenge-response (CAPTCHA) forms to join groupchat rooms or add someone to your contact list -- see XEP-0158.

9. IM systems have traditionally been quite fragmented (and in many ways still are -- as witness ICQ, AIM, MSN, Yahoo!, Skype, etc.) so there isn't the expectation that you'll necessarily be able to send a message to any random person on the Internet. This probably makes IM less appealing to spammers than email is. (Remember, spam is a matter of economics, and there may simply not be enough money to be made via IM.)

XMPP is not perfect. Spam is possible on our network, but it's not very easy. By design, spam is harder on the XMPP network than it is on the SMTP network, and if spam does start to occur more widely we will design and deploy even better spam-fighting tools (or, for instance, tighten up or turn off in-band registration, which is user-friendly but also makes it possible to create lots of accounts at multiple servers).

However, XMPP does not need to be perfect. You don't need to be the fastest antelope in the herd to avoid being eaten by the lion, you just need to be faster than the slow antelope who get caught.

Peter
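Points 1 and 2 above (the server stamping the "from" address, and servers verifying each other by dialback) are easier to follow with a small model of the exchange. This is example code added for this page, not code from any XMPP server; the dialback key recipe follows XEP-0185, and the receiving and rogue domains, secrets and stream ids are constructed (only jabber.org is taken from the thread):

```python
import hashlib
import hmac
import secrets

# Constructed model of RFC 3920 / XEP-0220 server dialback. The `dns` dict below stands in
# for the DNS lookup a receiving server does to reach the authoritative server of a domain.


class XmppServer:
    def __init__(self, domain):
        self.domain = domain
        # Long-lived per-server dialback secret (XEP-0185); it never leaves this server.
        self.secret = secrets.token_hex(32)

    def dialback_key(self, receiving, originating, stream_id):
        """XEP-0185 key: HMAC-SHA256 keyed with SHA256(secret) over 'receiving originating stream_id'."""
        hashed_secret = hashlib.sha256(self.secret.encode()).hexdigest().encode()
        text = f"{receiving} {originating} {stream_id}".encode()
        return hmac.new(hashed_secret, text, hashlib.sha256).hexdigest()

    def stamp_from(self, authenticated_jid, stanza):
        """Originating server: whatever 'from' the client wrote is overridden with the JID the
        client actually authenticated as (RFC 3920 section 9.1.2)."""
        stamped = dict(stanza)
        stamped["from"] = authenticated_jid
        return stamped

    def db_result(self, receiving, claimed_domain, stream_id):
        """Originating server sends <db:result from=claimed to=receiving>KEY</db:result>."""
        return {"from": claimed_domain, "to": receiving,
                "key": self.dialback_key(receiving, claimed_domain, stream_id)}

    def db_verify(self, receiving, originating, stream_id, key):
        """Authoritative server answers <db:verify>: valid only if it serves the claimed domain
        and the key was produced with its own secret for exactly this stream."""
        if originating != self.domain:
            return False
        expected = self.dialback_key(receiving, originating, stream_id)
        return hmac.compare_digest(expected, key)


def receiving_server_accepts(receiving, dns, result, stream_id):
    """Receiving server: never trust the originating server's own claim; look up the
    authoritative server for the claimed 'from' domain and ask it to verify the key."""
    if result["to"] != receiving.domain:
        return False
    authoritative = dns.get(result["from"])
    if authoritative is None:
        return False
    return authoritative.db_verify(receiving.domain, result["from"], stream_id, result["key"])


def run_demo():
    jabber_org = XmppServer("jabber.org")
    receiver = XmppServer("receiver.example")   # constructed receiving domain
    rogue = XmppServer("rogue.example")         # constructed server that will claim to be jabber.org
    dns = {s.domain: s for s in (jabber_org, receiver, rogue)}

    # 1. A client authenticated as alice@jabber.org/home cannot put an arbitrary 'from' on a stanza.
    stanza = {"to": "bob@receiver.example", "from": "ceo@jabber.org", "body": "hi"}
    stamped = jabber_org.stamp_from("alice@jabber.org/home", stanza)

    # 2. Legitimate dialback: jabber.org opens a stream to the receiver, which assigns the stream id.
    sid_ok = secrets.token_hex(8)
    legit = receiving_server_accepts(
        receiver, dns, jabber_org.db_result(receiver.domain, "jabber.org", sid_ok), sid_ok)

    # 3. Spoofed dialback: rogue.example claims jabber.org. The receiver asks the real jabber.org,
    #    whose secret never produced this key, so the stream is rejected.
    sid_bad = secrets.token_hex(8)
    spoof = receiving_server_accepts(
        receiver, dns, rogue.db_result(receiver.domain, "jabber.org", sid_bad), sid_bad)

    return {"stamped_from": stamped["from"], "legit_accepted": legit, "spoof_accepted": spoof}


if __name__ == "__main__":
    print(run_demo())
```

The model omits TLS and the certificate-based path mentioned in point 3; it shows only why a client or a foreign server cannot make a receiving server believe a message came from jabber.org.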
From bronger at physik.rwth-aachen.de Mon Aug 11 03:07:13 2008
From: bronger at physik.rwth-aachen.de (Torsten Bronger)
Date: Mon, 11 Aug 2008 10:07:13 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
References: <489FAB8C.5020102@stpeter.im>
Message-ID: <87vdy8ug9a.fsf@physik.rwth-aachen.de>

Hello!

Let me play devil's advocate for this thread. :-)

Peter Saint-Andre writes:
> [...]
>
> 1. In XMPP, the sender's address is not asserted by the sender's
> client but instead is stamped by the sender's server. [...]
>
> 2. In XMPP, servers check each other's identities, either through
> a DNS-based "dialback" protocol (RFC 3920 / XEP-0220) or real
> server certificates. [...]
>
> 3. So far, server dialback has been sufficient to prevent most
> address spoofing on the network, but we have a certificate
> authority in place (visit https://www.xmpp.net/ for details) and
> we could fairly easily upgrade the network to certificate-based
> authentication between servers if needed.

Okay, but what do you do with this information? Maintaining blacklists? See below.

> 4. XMPP is pure XML, and attackers can't easily attach malware
> like scripts and viruses to Jabber messages. [...]

If XMPP becomes more important in daily communication, it will also be more intensively used to transfer binary data. The same happened to email in its history. So it will be the same as with email: sane client implementations must save us rather than the protocol itself. By the way, malware-via-http-link and phishing work for XMPP, too.

> 5. A great deal of email spam (or spam+malware) is directed against
> a single platform: Outlook running on Windows. [...]

I don't think so. While I strongly dislike the use of Outlook, it is not the bad Outlook anymore from four years ago.
The most recent UPS virus email hit a couple of Thunderbird-using colleagues. If you really want to start the malicious attachment, no email client can help you.

> 6. In IM systems, people are accustomed to sharing presence /
> adding someone to their buddy list. [...]

Subscription requests are enough for spammers.

> 7. All XMPP server codebases have rate limiting in place to
> prevent a single client from sending a large number of messages
> [...] in a short period of time.

Then generate a lot of pseudo users in a spamming server.

> [...]
>
> 9. IM systems have traditionally been quite fragmented (and in
> many ways still are -- as witness ICQ, AIM, MSN, Yahoo!, Skype,
> etc.) so there isn't the expectation that you'll necessarily be
> able to send a message to any random person on the Internet. [...]

As long as a message costs hardly a milli-lira, it is not significant to spammers whether they reach X people, or X/. In (their) worst case, they lose only one order of magnitude, so the spam model still scales very well.

> [...]
>
> However, XMPP does not need to be perfect. You don't need to be
> the fastest antelope in the herd to avoid being eaten by the lion,
> you just need to be faster than the slow antelope who get caught.

Well, I don't think that the anti-spam plan should be built on the existence of other less spam-proof networks, not even partly. Besides, lions will not only focus on the slow antelope but also on the fat one. And we want XMPP to become fat, don't we? ;-)

Sorry, but I'm not convinced. This sounds like a mixture of hoping-for-the-best and application of SMTP anti-spam techniques that have turned out to be rather wasteful.

However, I see one advantage over SMTP, namely that there's still an almost completely non-commercial community that has some sort of central authority (XSF). So: Make a server whitelist! https://www.xmpp.net/ is the first step in this direction. Only servers on this list make S2S traffic.
Then, you need an automatic tool for measuring spam, something like SpamAssassin -- not for filtering but only for measurements. So it needn't be perfect. And every server that sends spam above a threshold is first warned and then removed from the list.

This would break the potential benefit for spammers by *several* orders of magnitude, and then it is not worth it anymore.

[SMTP can't do it because a) there is no significant authority and b) Hotmail, Gmail, GMX etc. can't sell their products anymore if there is no spam.]

Maybe you had this in mind with your points 1-3, however, I didn't see it there.

Bye,
Torsten.

--
Torsten Bronger, aquisgrana, europa vetus
Jabber ID: torsten.bronger at jabber.rwth-aachen.de

From Lastwebpage.3dz4kc at no-mx.jabberforum.org Mon Aug 11 05:22:49 2008
From: Lastwebpage.3dz4kc at no-mx.jabberforum.org (Lastwebpage)
Date: Mon, 11 Aug 2008 12:22:49 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID:

Hello

I notice another point where I see no solution, and I must admit I have no good ideas either, but it's similar to email spam. After spending some thought, I think this is the main point of all spam problems.

What about the JID creation?
If I were a spammer, I would create an account on jabber.org. After I get the JID I would start my program, which connects to different servers, searches for users in MUCs or uses the user directories, and hope that enough people buy my little blue pills.

After some hours I notice that some servers start to block my spam messages. oooohhhh, okay, visiting jabber.org again to get a new JID costs 10 seconds... :p

Some kind of CAPTCHA will not prevent me from creating a new JID; it would only, maybe, block my spam app from doing this automatically.

====================================
Some questions about this:
- Why is there no time delay between the click on the "register" button and the JID creation?
If I am a regular user I can wait one hour or longer before I get my JID for Jabber. There is no need for me to get this JID immediately.
- Why is there not any kind of authentication?
On every moderated mailing list, email account or other web service I get an email with a confirmation link. Sure, these emails are not the best solution, but better than nothing.

Peter

--
Lastwebpage
------------------------------------------------------------------------
Lastwebpage's Profile: http://www.jabberforum.org/member.php?userid=41
View this thread: http://www.jabberforum.org/showthread.php?t=564

From bronger at physik.rwth-aachen.de Mon Aug 11 06:24:39 2008
From: bronger at physik.rwth-aachen.de (Torsten Bronger)
Date: Mon, 11 Aug 2008 13:24:39 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID: <87od3zvloo.fsf@physik.rwth-aachen.de>

Hello!

Lastwebpage writes:
> Hello
> I notice another point where I see no solution, and I must admit I
> have no good ideas either, but it's similar to email spam. After spending
> some thought, I think this is the main point of all spam problems.
>
> What about the JID creation?
> If I were a spammer, I would create an account on jabber.org.
> After I get the JID I would start my program, which connects to different
> servers, searches for users in MUCs or uses the user directories, and hope
> that enough people buy my little blue pills.
>
> After some hours I notice that some servers start to block my
> spam messages. oooohhhh, okay, visiting jabber.org again to get a new JID
> costs 10 seconds... :p

This is what Peter Saint-Andre meant with

>>> (or, for instance, tighten up or turn off in-band registration,
>>> which is user-friendly but also makes it possible to create lots
>>> of accounts at multiple servers).

I'd love to keep this feature, though.

Bye,
Torsten.
--
Torsten Bronger, aquisgrana, europa vetus
Jabber ID: torsten.bronger at jabber.rwth-aachen.de

From lambda512 at gmail.com Mon Aug 11 07:39:38 2008
From: lambda512 at gmail.com (naw)
Date: Mon, 11 Aug 2008 14:39:38 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To:
References: <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID: <200808111439.50599.lambda512@gmail.com>

On Monday 11 August 2008, Lastwebpage wrote:
> Some questions about this:
> - Why is there no time delay between the click on the "register" button
> and the JID creation?

The spammer could create idle accounts while spamming, and when his current account gets blocked, he simply picks one of the accounts created before. I think that for that kind of thing it would be better to force sending an email with a confirmation link.

> If I am a regular user I can wait one hour or longer before I get my
> JID for Jabber. There is no need for me to get this JID immediately.

Maybe you, but imagine that I'm explaining to somebody how to connect to Jabber (i.e. because his legacy system is offline): Ok, open your client, choose a username, click register, now wait an hour.... At this point I prefer not to see his/her face. And in an hour, the legacy service will have come back online again.

> - Why is there not any kind of authentication?
> On every moderated mailing list, email account or other web service I
> get an email with a confirmation link. Sure, these emails are not the
> best solution, but better than nothing.

--
Jabber-ID: lambda512 at jabberes.org
lambda512 at gmail.com

From stpeter at stpeter.im Mon Aug 11 07:32:26 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Mon, 11 Aug 2008 06:32:26 -0600
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To: <87od3zvloo.fsf@physik.rwth-aachen.de>
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de> <87od3zvloo.fsf@physik.rwth-aachen.de>
Message-ID: <48A0315A.90309@stpeter.im>

Torsten Bronger wrote:
> Hello!
>
> Lastwebpage writes:
>
>> Hello
>> I notice another point where I see no solution, and I must admit I
>> have no good ideas either, but it's similar to email spam. After spending
>> some thought, I think this is the main point of all spam problems.
>>
>> What about the JID creation?
>> If I were a spammer, I would create an account on jabber.org.
>> After I get the JID I would start my program, which connects to different
>> servers, searches for users in MUCs or uses the user directories, and hope
>> that enough people buy my little blue pills.
>>
>> After some hours I notice that some servers start to block my
>> spam messages. oooohhhh, okay, visiting jabber.org again to get a new JID
>> costs 10 seconds... :p
>
> This is what Peter Saint-Andre meant with
>
>>>> (or, for instance, tighten up or turn off in-band registration,
>>>> which is user-friendly but also makes it possible to create lots
>>>> of accounts at multiple servers).
>
> I'd love to keep this feature, though.

That's why we're defining CAPTCHA forms (which can be used for in-band registration, joining groupchat rooms, etc.):

http://www.xmpp.org/extensions/xep-0158.html

Not that CAPTCHAs are a perfect technology either! But if we truly started to experience the kinds of attacks you're talking about, we would also combine tighter in-band registration with things like IP blocking (as well as existing tools like rate limiting).

Remember, perfection is not an option. :)

Peter
From stpeter at stpeter.im Mon Aug 11 07:44:59 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Mon, 11 Aug 2008 06:44:59 -0600
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To: <87vdy8ug9a.fsf@physik.rwth-aachen.de>
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID: <48A0344B.9000801@stpeter.im>

Torsten Bronger wrote:
> Hello!
>
> Let me play devil's advocate for this thread. :-)
>
> Peter Saint-Andre writes:
>
>> [...]
>>
>> 1. In XMPP, the sender's address is not asserted by the sender's
>> client but instead is stamped by the sender's server. [...]
>>
>> 2. In XMPP, servers check each other's identities, either through
>> a DNS-based "dialback" protocol (RFC 3920 / XEP-0220) or real
>> server certificates. [...]
>>
>> 3. So far, server dialback has been sufficient to prevent most
>> address spoofing on the network, but we have a certificate
>> authority in place (visit https://www.xmpp.net/ for details) and
>> we could fairly easily upgrade the network to certificate-based
>> authentication between servers if needed.
>
> Okay, but what do you do with this information? Maintaining
> blacklists? See below.

If someone runs an abusive server and they've received a certificate from the CA we run, we can revoke their cert. But the issue at hand was not rogue servers, it was address spoofing and weak identity.

>> 4. XMPP is pure XML, and attackers can't easily attach malware
>> like scripts and viruses to Jabber messages. [...]
>
> If XMPP becomes more important in daily communication, it will also
> be more intensively used to transfer binary data.

Agreed. See for instance:

http://www.xmpp.org/extensions/xep-0231.html

We need to be careful about how we use such technologies.
> The same
> happened to email in its history. So it will be the same as with
> email: sane client implementations must save us rather than the
> protocol itself. By the way, malware-via-http-link and phishing
> work for XMPP, too.

Sure it does. Lots of end users are not very smart about whether or not to click a link. No technology solution is going to solve that problem.

>> 5. A great deal of email spam (or spam+malware) is directed against
>> a single platform: Outlook running on Windows. [...]
>
> I don't think so. While I strongly dislike the use of Outlook, it
> is not the bad Outlook anymore from four years ago. The most recent
> UPS virus email hit a couple of Thunderbird-using colleagues. If you
> really want to start the malicious attachment, no email client can
> help you.

Perhaps. I have not studied the matter in great detail.

>> 6. In IM systems, people are accustomed to sharing presence /
>> adding someone to their buddy list. [...]
>
> Subscription requests are enough for spammers.

But we can use CAPTCHA forms for that, too:

http://www.xmpp.org/extensions/xep-0158.html

See also here:

http://www.xmpp.org/extensions/xep-0158.html

There is one tool to solve all problems.

>> 7. All XMPP server codebases have rate limiting in place to
>> prevent a single client from sending a large number of messages
>> [...] in a short period of time.
>
> Then generate a lot of pseudo users in a spamming server.

Then you're a rogue server and we'll block you (once we have better tools to communicate the existence of rogue servers and abusive traffic, see http://www.xmpp.org/extensions/xep-0161.html etc.).

>> [...]
>>
>> 9. IM systems have traditionally been quite fragmented (and in
>> many ways still are -- as witness ICQ, AIM, MSN, Yahoo!, Skype,
>> etc.) so there isn't the expectation that you'll necessarily be
>> able to send a message to any random person on the Internet. [...]
>
> As long as a message costs hardly a milli-lira, it is not
> significant to spammers whether they reach X people, or
> X/. In (their) worst case, they lose only one
> order of magnitude, so the spam model still scales very well.

My point was more psychological than technological -- IM may be perceived as less interesting because it's not an open system like email. Yet.

>> [...]
>>
>> However, XMPP does not need to be perfect. You don't need to be
>> the fastest antelope in the herd to avoid being eaten by the lion,
>> you just need to be faster than the slow antelope who get caught.
>
> Well, I don't think that the anti-spam plan should be built on the
> existence of other less spam-proof networks, not even partly.

Why not? That's the reality. Perfection is not an option.

> Besides, lions will not only focus on the slow antelope but also on
> the fat one. And we want XMPP to become fat, don't we? ;-)

Heh.

> Sorry, but I'm not convinced. This sounds like a mixture of
> hoping-for-the-best and application of SMTP anti-spam techniques
> that have turned out to be rather wasteful.
>
> However, I see one advantage over SMTP, namely that there's still an
> almost completely non-commercial community that has some sort of
> central authority (XSF). So: Make a server whitelist!

Doesn't that introduce a single point of failure?

> https://www.xmpp.net/ is the first step in this direction. Only
> servers on this list make S2S traffic. Then, you need an automatic
> tool for measuring spam, something like SpamAssassin -- not for
> filtering but only for measurements. So it needn't be perfect. And
> every server that sends spam above a threshold is first warned and
> then removed from the list.
>
> This would break the potential benefit for spammers by *several*
> orders of magnitude, and then it is not worth it anymore.
>
> [SMTP can't do it because a) there is no significant authority and
> b) Hotmail, Gmail, GMX etc. can't sell their products anymore if
> there is no spam.]
>
> Maybe you had this in mind with your points 1-3, however, I didn't
> see it there.

I'm not a big fan of centralized solutions with single points of failure. Then the spammers simply need to attack xmpp.net and they can spam as much as they want. Better, I think, to use a distributed model where each server has "buddies" it trusts, and ask those buddy servers about new servers that appear on the network.

Peter

From stpeter at stpeter.im Mon Aug 11 08:51:23 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Mon, 11 Aug 2008 07:51:23 -0600
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To: <48A0344B.9000801@stpeter.im>
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de> <48A0344B.9000801@stpeter.im>
Message-ID: <48A043DB.60703@stpeter.im>

Peter Saint-Andre wrote:
> There is one tool to solve all problems.

Er, I meant to say: There is no one tool to solve all problems. :)

/psa
From stpeter at stpeter.im Tue Aug 19 11:38:50 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Tue, 19 Aug 2008 10:38:50 -0600
Subject: [Juser] end-to-end security discussions
Message-ID: <48AAF71A.1080905@stpeter.im>

BTW, we are having a fun discussion about end-to-end security on the security at xmpp.org list and could use some input from client developers, service administrators, and interested others about what kind of interaction model makes the most sense for end users (e.g., regarding identity and authentication). The discussion starts here:

http://mail.jabber.org/pipermail/security/2008-August/000067.html

You can join the list via either of the following links:

mailto:security-subscribe at xmpp.org

http://mail.jabber.org/mailman/listinfo/security

See you there!

/psa
From lrbh406 at hotmail.com Tue Aug 19 12:42:13 2008
From: lrbh406 at hotmail.com (Leonardo Oliveira)
Date: Tue, 19 Aug 2008 17:42:13 +0000
Subject: [Juser] end-to-end security discussions
In-Reply-To: <48AAF71A.1080905@stpeter.im>
References: <48AAF71A.1080905@stpeter.im>
Message-ID:

remove

> Date: Tue, 19 Aug 2008 10:38:50 -0600
> From: stpeter at stpeter.im
> To: standards at xmpp.org; jdev at jabber.org; operators at xmpp.org; juser at jabber.org
> Subject: [Juser] end-to-end security discussions
>
> BTW, we are having a fun discussion about end-to-end security on the
> security at xmpp.org list and could use some input from client developers,
> service administrators, and interested others about what kind of
> interaction model makes the most sense for end users (e.g., regarding
> identity and authentication). The discussion starts here:
>
> http://mail.jabber.org/pipermail/security/2008-August/000067.html
>
> You can join the list via either of the following links:
>
> mailto:security-subscribe at xmpp.org
>
> http://mail.jabber.org/mailman/listinfo/security
>
> See you there!
>
> /psa
Message-ID: Hi everyone, I've encountered many people saying that XMPP was better than SMTP for spam prevention, but I can't figure out how. I tried to find the reason why this is by myself, and I've tried to find an explanation through several Google searches, but I couldn't find any sufficient explanation, so I'm asking here. The argument that I've seen quite often is that with XMPP you can specify client side that you don't want to receive messages from unknown people, thus blocking most of the spam. The problem with this is that it blocks messages from any of your friends who isn't in your roster. Also, it forces you to add a contact in your roster if some service is likely to send you a message (which will be the case if XMPP is widely used for email one day). Finally, some mail providers have the option to block emails from unknown senders, so there is no advantage in using XMPP there, as it is a client side option in both cases. Is there another specification of the XMPP protocol that makes it more resistant to spam? I would be thinking of some sort of verification of the sender's identity, either by accepting only messages coming in a secure s2s channel, using a security certificate (not a self-signed certificate, a real one), or by verifying that the ip that sent an "from:foo at bar.com" message really is "bar.com". I don't see how XMPP could be more secure than SMTP regarding spam prevention without one of these two features, but I couldn't find anywhere on the net someone saying that it was the case. 
-- Thomas Arnoux -- vetetix ------------------------------------------------------------------------ vetetix's Profile: http://www.jabberforum.org/member.php?userid=17171 View this thread: http://www.jabberforum.org/showthread.php?t=564 From Lastwebpage.3dxvxn at no-mx.jabberforum.org Sun Aug 10 13:18:52 2008 From: Lastwebpage.3dxvxn at no-mx.jabberforum.org (Lastwebpage) Date: Sun, 10 Aug 2008 20:18:52 +0200 Subject: [Juser] How is XMPP better than SMTP for spam prevention? References: Message-ID: What about http://www.xmpp.org/extensions/xep-0159.html ? -- Lastwebpage ------------------------------------------------------------------------ Lastwebpage's Profile: http://www.jabberforum.org/member.php?userid=41 View this thread: http://www.jabberforum.org/showthread.php?t=564 From kevin at kismith.co.uk Sun Aug 10 15:18:37 2008 From: kevin at kismith.co.uk (Kevin Smith) Date: Sun, 10 Aug 2008 21:18:37 +0100 Subject: [Juser] How is XMPP better than SMTP for spam prevention? In-Reply-To: References: Message-ID: On Sun, Aug 10, 2008 at 4:31 PM, vetetix wrote: > I would be thinking of some sort of verification of > the sender's identity, either by accepting only messages coming in a > secure s2s channel, using a security certificate (not a self-signed > certificate, a real one), or by verifying that the ip that sent an > "from:foo at bar.com" message really is "bar.com". Right, the sending server's identity is assured - see RFC3920 for the details. /K From stpeter at stpeter.im Sun Aug 10 22:01:32 2008 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Sun, 10 Aug 2008 21:01:32 -0600 Subject: [Juser] How is XMPP better than SMTP for spam prevention? In-Reply-To: References: Message-ID: <489FAB8C.5020102@stpeter.im> vetetix wrote: > I've encountered many people saying that XMPP was better than SMTP for > spam prevention, but I can't figure out how. 
> I tried to find the reason
> why this is by myself, and I've tried to find an explanation through
> several Google searches, but I couldn't find any sufficient explanation,
> so I'm asking here.

I'll have to write a paper about this sometime, but here are some points to consider:

1. In XMPP, the sender's address is not asserted by the sender's client but instead is stamped by the sender's server. So a client can't fake the "from" address. (Naturally if you run the server you could fake addresses at your domain, so as the admin of jabber.org I could send messages from any address at jabber.org -- but I can't fake messages from other domains, see #2.)

2. In XMPP, servers check each other's identities, either through a DNS-based "dialback" protocol (RFC 3920 / XEP-0220) or real server certificates. So if I run a server at jabber.org I can't send messages putatively "from" microsoft.com or whitehouse.gov or whatever. (Also we don't have multi-hop routing, so modifications to the addresses can't happen between the sending server and receiving server.)

3. So far, server dialback has been sufficient to prevent most address spoofing on the network, but we have a certificate authority in place (visit https://www.xmpp.net/ for details) and we could fairly easily upgrade the network to certificate-based authentication between servers if needed.

4. XMPP is pure XML, and attackers can't easily attach malware like scripts and viruses to Jabber messages. This helps us avoid the unholy alliance between virus writers and spammers that has occurred on the email network.

5. A great deal of email spam (or spam+malware) is directed against a single platform: Outlook running on Windows. In the XMPP world we have a much more diverse software ecosystem.

6. In IM systems, people are accustomed to sharing presence / adding someone to their buddy list. There's less of a culture of "I must be able to accept messages from anyone in the world" as in email.
You can say this is good or bad, but that's how it is -- so if someone bothers you, you can delete them from your friend list or block them at the server side (see RFC 3921 / XEP-0016) or the client side.

7. All XMPP server codebases have rate limiting in place to prevent a single client from sending a large number of messages (especially a large number of large messages) in a short period of time.

8. Although we have not seen very much one-to-one spam on the Jabber network (our biggest problem so far is abusive behavior in groupchat rooms), we are actively planning for the arrival of spam and have designed some spam-fighting measures such as challenge-response (CAPTCHA) forms to join groupchat rooms or add someone to your contact list -- see XEP-0158.

9. IM systems have traditionally been quite fragmented (and in many ways still are -- as witness ICQ, AIM, MSN, Yahoo!, Skype, etc.) so there isn't the expectation that you'll necessarily be able to send a message to any random person on the Internet. This probably makes IM less appealing to spammers than email is. (Remember, spam is a matter of economics, and there may simply not be enough money to be made via IM.)

XMPP is not perfect. Spam is possible on our network, but it's not very easy. By design, spam is harder on the XMPP network than it is on the SMTP network, and if spam does start to occur more widely we will design and deploy even better spam-fighting tools (or, for instance, tighten up or turn off in-band registration, which is user-friendly but also makes it possible to create lots of accounts at multiple servers).

However, XMPP does not need to be perfect. You don't need to be the fastest antelope in the herd to avoid being eaten by the lion, you just need to be faster than the slow antelope who get caught.

Peter
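Points 1 and 2 of Peter's list describe two server-side checks. The Python below models them as an added example; it is not code from this thread or from any XMPP server. The in-memory `DNS` table standing in for the SRV lookup, the session model, the `Server` class and the dialback key recipe (modelled on the XEP-0185 recommendation of HMAC-SHA256 keyed with SHA256 of a per-domain secret) are all assumptions made for the illustration.

```python
"""Model of two anti-spoofing properties from the thread: the sending
server, not the client, stamps the 'from' address (point 1), and server
dialback (RFC 3920 / XEP-0220) lets the receiving server confirm that the
peer speaks for the domain it claims (point 2). Added example, not code
from the thread or any XMPP server; DNS table, session model and key
recipe (XEP-0185 style) are assumptions."""
import hashlib
import hmac
import secrets


def dialback_key(secret, receiving, originating, stream_id):
    """HMAC-SHA256 keyed with SHA256(secret) over
    'receiving originating stream_id' (assumed XEP-0185 shape).
    Only a server holding the originating domain's secret can mint
    or validate a key, and the secret never leaves that server."""
    key = hashlib.sha256(secret.encode()).digest()
    text = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(key, text, hashlib.sha256).hexdigest()


class Server:
    """One XMPP domain: its private dialback secret plus client sessions."""

    def __init__(self, domain):
        self.domain = domain
        self.secret = secrets.token_hex(16)   # per-domain, never shared
        self.sessions = {}                    # session id -> authenticated bare JID

    def login(self, localpart):
        sid = secrets.token_hex(4)
        self.sessions[sid] = f"{localpart}@{self.domain}"
        return sid

    def stamp_outbound(self, session_id, stanza):
        """Point 1: whatever 'from' the client asserted is replaced by the
        address bound to the authenticated session."""
        stamped = dict(stanza)
        stamped["from"] = self.sessions[session_id]
        return stamped

    def verify_key(self, receiving, stream_id, key):
        """Authoritative side of dialback: validate a key for our own domain."""
        expected = dialback_key(self.secret, receiving, self.domain, stream_id)
        return hmac.compare_digest(expected, key)


DNS = {}   # constructed stand-in for the DNS lookup of the claimed domain


def accept_s2s(receiving, claimed_domain, key, stream_id):
    """Point 2: the receiving server does not trust the peer's claim; it asks
    the server DNS names as authoritative for claimed_domain to verify."""
    authoritative = DNS.get(claimed_domain)
    if authoritative is None:
        return False
    return authoritative.verify_key(receiving.domain, stream_id, key)


def run_scenario():
    """Constructed walk-through; returns what each check decided."""
    jabber = Server("jabber.org")
    other = Server("example.com")        # a domain jabber.org does not control
    receiver = Server("example.net")
    DNS.update({"jabber.org": jabber, "example.com": other})
    stream_id = "D60000229F"             # constructed stream id

    # A client on jabber.org tries to assert somebody else's address.
    sid = jabber.login("alice")
    stamped = jabber.stamp_outbound(
        sid, {"from": "ceo@example.com", "to": "bob@example.net", "body": "hi"})

    # Honest: jabber.org dials back as itself, so its own secret validates.
    honest_key = dialback_key(jabber.secret, receiver.domain, jabber.domain, stream_id)
    honest = accept_s2s(receiver, "jabber.org", honest_key, stream_id)

    # Spoof: jabber.org claims to be example.com; example.com's secret differs.
    spoof_key = dialback_key(jabber.secret, receiver.domain, "example.com", stream_id)
    spoof = accept_s2s(receiver, "example.com", spoof_key, stream_id)

    # A claimed domain with no authoritative server is refused outright.
    unknown = accept_s2s(receiver, "nonexistent.invalid", spoof_key, stream_id)

    return {"stamped_from": stamped["from"], "honest": honest,
            "spoof": spoof, "unknown": unknown}


if __name__ == "__main__":
    print(run_scenario())
```

The trust anchor in this model is the DNS lookup that maps the claimed domain to an authoritative server, which is exactly why Peter lists certificate-based server authentication (point 3) as the upgrade path: a certificate binds the domain name to the peer without relying on DNS alone.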
From bronger at physik.rwth-aachen.de Mon Aug 11 03:07:13 2008
From: bronger at physik.rwth-aachen.de (Torsten Bronger)
Date: Mon, 11 Aug 2008 10:07:13 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
References: <489FAB8C.5020102@stpeter.im>
Message-ID: <87vdy8ug9a.fsf@physik.rwth-aachen.de>

Hello!

Let me play devil's advocate for this thread. :-)

Peter Saint-Andre writes:

> [...]
>
> 1. In XMPP, the sender's address is not asserted by the sender's
> client but instead is stamped by the sender's server. [...]
>
> 2. In XMPP, servers check each other's identities, either through
> a DNS-based "dialback" protocol (RFC 3920 / XEP-0220) or real
> server certificates. [...]
>
> 3. So far, server dialback has been sufficient to prevent most
> address spoofing on the network, but we have a certificate
> authority in place (visit https://www.xmpp.net/ for details) and
> we could fairly easily upgrade the network to certificate-based
> authentication between servers if needed.

Okay, but what do you do with this information? Maintaining blacklists? See below.

> 4. XMPP is pure XML, and attackers can't easily attach malware
> like scripts and viruses to Jabber messages. [...]

If XMPP becomes more important in daily communication, it will also be used more intensively to transfer binary data. The same happened to email in its history. So it will be the same as with email: sane client implementations must save us rather than the protocol itself. By the way, malware-via-http-link and phishing work for XMPP, too.

> 5. A great deal of email spam (or spam+malware) is directed against
> a single platform: Outlook running on Windows. [...]

I don't think so. While I strongly dislike the use of Outlook, it is not the bad Outlook anymore from four years ago. The most recent UPS virus email hit a couple of Thunderbird-using colleagues.
If you really want to start the malicious attachment, no email client can help you.

> 6. In IM systems, people are accustomed to sharing presence /
> adding someone to their buddy list. [...]

Subscription requests are enough for spammers.

> 7. All XMPP server codebases have rate limiting in place to
> prevent a single client from sending a large number of messages
> [...] in a short period of time.

Then generate a lot of pseudo users in a spamming server.

> [...]
>
> 9. IM systems have traditionally been quite fragmented (and in
> many ways still are -- as witness ICQ, AIM, MSN, Yahoo!, Skype,
> etc.) so there isn't the expectation that you'll necessarily be
> able to send a message to any random person on the Internet. [...]

As long as a message costs hardly a milli-lira, it is not significant to spammers whether they reach X people, or X/. In (their) worst case, they lose only one order of magnitude, so the spam model still scales very well.

> [...]
>
> However, XMPP does not need to be perfect. You don't need to be
> the fastest antelope in the herd to avoid being eaten by the lion,
> you just need to be faster than the slow antelope who get caught.

Well, I don't think that the anti-spam plan should be built on the existence of other less spam-proof networks, not even partly.

Besides, lions will not only focus on the slow antelope but also on the fat one. And we want XMPP to become fat, don't we? ;-)

Sorry, but I'm not convinced. This sounds like a mixture of hoping-for-the-best and application of SMTP anti-spam techniques that have turned out to be rather wasteful.

However, I see one advantage over SMTP, namely that there's still an almost completely non-commercial community that has some sort of central authority (XSF). So: Make a server whitelist!

https://www.xmpp.net/ is the first step in this direction. Only servers on this list make S2S traffic.
Then, you need an automatic tool for measuring spam, something like SpamAssassin -- not for filtering but only for measurements. So it needn't be perfect. And every server that sends spam above a threshold is first warned and then removed from the list.

This would break the potential benefit for spammers by *several* orders of magnitude, and then it is not worth it anymore.

[SMTP can't do it because a) there is no significant authority and b) Hotmail, Gmail, GMX etc. can't sell their products anymore if there is no spam.]

Maybe you had this in mind with your points 1-3, however, I didn't see it there.

Bye,
Torsten.

--
Torsten Bronger, aquisgrana, europa vetus
Jabber ID: torsten.bronger at jabber.rwth-aachen.de

From Lastwebpage.3dz4kc at no-mx.jabberforum.org Mon Aug 11 05:22:49 2008
From: Lastwebpage.3dz4kc at no-mx.jabberforum.org (Lastwebpage)
Date: Mon, 11 Aug 2008 12:22:49 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID:

Hello

I notice another point where I see no solution, and I must admit I have no good ideas either, but it's similar to email spam. After spending some thought, I think this is the main point of all spam problems.

What about the JID creation?
If I were a spammer, I would create an account on jabber.org. After I get the JID I would start my program, which connects to different servers, searches for users in MUCs or uses the user directories, and hopes that enough people buy my little blue pills.

After some hours I notice that some servers start to block my spam messages. oooohhhh, okay, visiting jabber.org again to get a new JID costs 10 seconds... :p

Some kind of CAPTCHA will not prevent me from creating a new JID; it would only, maybe, block my spam app from doing this automatically.

====================================
Some questions about this:
- Why is there no time delay between the click on the "register" button and the JID creation?
If I am a regular user I can wait one hour or longer before I get my JID for Jabber. There is no need for me to get this JID immediately.
- Why is there not any kind of authentication? On every moderated mailing list, email account or other web service I get an email with a confirmation link. Sure, these emails are not the best solution, but better than nothing.

Peter

--
Lastwebpage
------------------------------------------------------------------------
Lastwebpage's Profile: http://www.jabberforum.org/member.php?userid=41
View this thread: http://www.jabberforum.org/showthread.php?t=564

From bronger at physik.rwth-aachen.de Mon Aug 11 06:24:39 2008
From: bronger at physik.rwth-aachen.de (Torsten Bronger)
Date: Mon, 11 Aug 2008 13:24:39 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID: <87od3zvloo.fsf@physik.rwth-aachen.de>

Hello!

Lastwebpage writes:

> Hello
> I notice another point where I see no solution, and I must admit I
> have no good ideas either, but it's similar to email spam. After spending
> some thought, I think this is the main point of all spam problems.
>
> What about the JID creation?
> If I were a spammer, I would create an account on jabber.org.
> After I get the JID I would start my program, which connects to different
> servers, searches for users in MUCs or uses the user directories, and hopes
> that enough people buy my little blue pills.
>
> After some hours I notice that some servers start to block my
> spam messages. oooohhhh, okay, visiting jabber.org again to get a new JID
> costs 10 seconds... :p

This is what Peter Saint-Andre meant with

>>> (or, for instance, tighten up or turn off in-band registration,
>>> which is user-friendly but also makes it possible to create lots
>>> of accounts at multiple servers).

I'd love to keep this feature, though.

Bye,
Torsten.
--
Torsten Bronger, aquisgrana, europa vetus
Jabber ID: torsten.bronger at jabber.rwth-aachen.de

From lambda512 at gmail.com Mon Aug 11 07:39:38 2008
From: lambda512 at gmail.com (naw)
Date: Mon, 11 Aug 2008 14:39:38 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To:
References: <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID: <200808111439.50599.lambda512@gmail.com>

On Monday 11 August 2008, Lastwebpage wrote:
> Some questions about this:
> - Why is there no time delay between the click on the "register" button
> and the JID creation?

The spammer could create idle accounts while spamming, and when his current account gets blocked, he simply picks one of the accounts created before. I think that for that kind of thing it would be better to force sending an email with a confirmation link.

> If I am a regular user I can wait one hour or longer before I get my
> JID for Jabber. There is no need for me to get this JID immediately.
>

Maybe you, but figure that I'm explaining to somebody how to connect to jabber (i.e. because his legacy system is offline): OK, open your client, choose a username, click register, now wait an hour.... At this point I prefer not to see his/her face. And in an hour, the legacy service will have come online again.

> - Why is there not any kind of authentication?
> On every moderated mailing list, email account or other web service I
> get an email with a confirmation link. Sure, these emails are not the
> best solution, but better than nothing.
>

--
Jabber-ID: lambda512 at jabberes.org
lambda512 at gmail.com

From stpeter at stpeter.im Mon Aug 11 07:32:26 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Mon, 11 Aug 2008 06:32:26 -0600
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To: <87od3zvloo.fsf@physik.rwth-aachen.de>
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de> <87od3zvloo.fsf@physik.rwth-aachen.de>
Message-ID: <48A0315A.90309@stpeter.im>

Torsten Bronger wrote:
> Hello!
>
> Lastwebpage writes:
>
>> Hello
>> I notice another point where I see no solution, and I must admit I
>> have no good ideas either, but it's similar to email spam. After spending
>> some thought, I think this is the main point of all spam problems.
>>
>> What about the JID creation?
>> If I were a spammer, I would create an account on jabber.org.
>> After I get the JID I would start my program, which connects to different
>> servers, searches for users in MUCs or uses the user directories, and hopes
>> that enough people buy my little blue pills.
>>
>> After some hours I notice that some servers start to block my
>> spam messages. oooohhhh, okay, visiting jabber.org again to get a new JID
>> costs 10 seconds... :p
>
> This is what Peter Saint-Andre meant with
>
>>>> (or, for instance, tighten up or turn off in-band registration,
>>>> which is user-friendly but also makes it possible to create lots
>>>> of accounts at multiple servers).
>
> I'd love to keep this feature, though.

That's why we're defining CAPTCHA forms (which can be used for in-band registration, joining groupchat rooms, etc.):

http://www.xmpp.org/extensions/xep-0158.html

Not that CAPTCHAs are a perfect technology either! But if we truly started to experience the kinds of attacks you're talking about, we would also combine tighter in-band registration with things like IP blocking (as well as existing tools like rate limiting).

Remember, perfection is not an option. :)

Peter
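Peter's reply names three layers for in-band registration (CAPTCHA forms, IP blocking, rate limiting), and point 7 of his first message adds a per-client message limit. The Python below is an added example of how those layers fit together on the server side; it is not code from this thread or from any XMPP server. The thresholds, the fake clock passed in as `now`, the in-memory state, and the way a CAPTCHA answer is reduced to a boolean are all assumptions for the illustration.

```python
"""Layered in-band-registration defences as described in the thread:
per-IP rate limiting, a CAPTCHA tier (XEP-0158 style) once an IP is busy,
an outright IP block beyond that, and a per-session message token bucket.
Added example, not code from the thread or any XMPP server; thresholds,
fake clock and in-memory state are assumptions."""
from collections import defaultdict, deque

# Constructed policy values (assumed, not taken from the thread).
REG_WINDOW_SECONDS = 3600   # look-back window for registrations per IP
REG_FREE = 2                # registrations per IP before a CAPTCHA is required
REG_BLOCK = 5               # registrations per IP before the IP is blocked
MSG_RATE_PER_SECOND = 1.0   # sustained stanzas per second allowed per session
MSG_BURST = 5               # burst allowance per session


class RegistrationGate:
    """Decides what an in-band registration attempt from an IP must do."""

    def __init__(self):
        self.attempts = defaultdict(deque)   # ip -> timestamps of recent registrations

    def _prune(self, ip, now):
        q = self.attempts[ip]
        while q and now - q[0] > REG_WINDOW_SECONDS:
            q.popleft()
        return q

    def decide(self, ip, now):
        """Returns 'allow', 'challenge' (send a CAPTCHA form) or 'block'."""
        recent = len(self._prune(ip, now))
        if recent >= REG_BLOCK:
            return "block"
        if recent >= REG_FREE:
            return "challenge"
        return "allow"

    def register(self, ip, now, captcha_ok=False):
        """Attempt a registration; True if an account is created. A correct
        CAPTCHA answer satisfies the 'challenge' tier only, never 'block'."""
        verdict = self.decide(ip, now)
        if verdict == "block" or (verdict == "challenge" and not captcha_ok):
            return False
        self.attempts[ip].append(now)
        return True


class TokenBucket:
    """Per-session message limiter (point 7): MSG_RATE_PER_SECOND tokens
    refill per second up to MSG_BURST; each stanza costs one token."""

    def __init__(self, now):
        self.tokens = float(MSG_BURST)
        self.last = now

    def allow(self, now):
        self.tokens = min(MSG_BURST, self.tokens + (now - self.last) * MSG_RATE_PER_SECOND)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def run_scenario():
    """Constructed walk-through with a fake clock; returns the observed verdicts."""
    gate = RegistrationGate()
    ip = "192.0.2.10"   # constructed documentation address
    regs = []
    regs.append(gate.register(ip, now=0))                      # allowed
    regs.append(gate.register(ip, now=10))                     # allowed
    regs.append(gate.register(ip, now=20))                     # challenge, unanswered
    regs.append(gate.register(ip, now=20, captcha_ok=True))    # challenge answered
    regs.append(gate.register(ip, now=30, captcha_ok=True))
    regs.append(gate.register(ip, now=40, captcha_ok=True))    # fifth account
    regs.append(gate.register(ip, now=50, captcha_ok=True))    # blocked, CAPTCHA irrelevant
    blocked_verdict = gate.decide(ip, now=50)
    later_verdict = gate.decide(ip, now=50 + REG_WINDOW_SECONDS + 1)   # window expired

    bucket = TokenBucket(now=0)
    burst = [bucket.allow(0) for _ in range(7)]    # burst of 5, then refused
    after_wait = bucket.allow(3)                   # three seconds refill three tokens
    return {"registrations": regs, "blocked_verdict": blocked_verdict,
            "later_verdict": later_verdict, "burst": burst, "after_wait": after_wait}


if __name__ == "__main__":
    print(run_scenario())
```

The gate only sees a source address, so, as Torsten's "pseudo users in a spamming server" objection and Peter's rogue-server answer both imply, it does nothing about accounts minted on a server the attacker controls; that case is handled at the server-to-server boundary, not at registration.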
From stpeter at stpeter.im Mon Aug 11 07:44:59 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Mon, 11 Aug 2008 06:44:59 -0600
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To: <87vdy8ug9a.fsf@physik.rwth-aachen.de>
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID: <48A0344B.9000801@stpeter.im>

Torsten Bronger wrote:
> Hello!
>
> Let me play devil's advocate for this thread. :-)
>
> Peter Saint-Andre writes:
>
>> [...]
>>
>> 1. In XMPP, the sender's address is not asserted by the sender's
>> client but instead is stamped by the sender's server. [...]
>>
>> 2. In XMPP, servers check each other's identities, either through
>> a DNS-based "dialback" protocol (RFC 3920 / XEP-0220) or real
>> server certificates. [...]
>>
>> 3. So far, server dialback has been sufficient to prevent most
>> address spoofing on the network, but we have a certificate
>> authority in place (visit https://www.xmpp.net/ for details) and
>> we could fairly easily upgrade the network to certificate-based
>> authentication between servers if needed.
>
> Okay, but what do you do with this information? Maintaining
> blacklists? See below.

If someone runs an abusive server and they've received a certificate from the CA we run, we can revoke their cert. But the issue at hand was not rogue servers, it was address spoofing and weak identity.

>> 4. XMPP is pure XML, and attackers can't easily attach malware
>> like scripts and viruses to Jabber messages. [...]
>
> If XMPP becomes more important in daily communication, it will also
> be used more intensively to transfer binary data.

Agreed. See for instance:

http://www.xmpp.org/extensions/xep-0231.html

We need to be careful about how we use such technologies.

> The same
> happened to email in its history.
> So it will be the same as with
> email: sane client implementations must save us rather than the
> protocol itself. By the way, malware-via-http-link and phishing
> work for XMPP, too.

Sure it does. Lots of end users are not very smart about whether or not to click a link. No technology solution is going to solve that problem.

>> 5. A great deal of email spam (or spam+malware) is directed against
>> a single platform: Outlook running on Windows. [...]
>
> I don't think so. While I strongly dislike the use of Outlook, it
> is not the bad Outlook anymore from four years ago. The most recent
> UPS virus email hit a couple of Thunderbird-using colleagues. If you
> really want to start the malicious attachment, no email client can
> help you.

Perhaps. I have not studied the matter in great detail.

>> 6. In IM systems, people are accustomed to sharing presence /
>> adding someone to their buddy list. [...]
>
> Subscription requests are enough for spammers.

But we can use CAPTCHA forms for that, too:

http://www.xmpp.org/extensions/xep-0158.html

See also here:

http://www.xmpp.org/extensions/xep-0158.html

There is one tool to solve all problems.

>> 7. All XMPP server codebases have rate limiting in place to
>> prevent a single client from sending a large number of messages
>> [...] in a short period of time.
>
> Then generate a lot of pseudo users in a spamming server.

Then you're a rogue server and we'll block you (once we have better tools to communicate the existence of rogue servers and abusive traffic, see http://www.xmpp.org/extensions/xep-0161.html etc.).

>> [...]
>>
>> 9. IM systems have traditionally been quite fragmented (and in
>> many ways still are -- as witness ICQ, AIM, MSN, Yahoo!, Skype,
>> etc.) so there isn't the expectation that you'll necessarily be
>> able to send a message to any random person on the Internet. [...]
>
> As long as a message costs hardly a milli-lira, it is not
> significant to spammers whether they reach X people, or
> X/.
> In (their) worst case, they lose only one
> order of magnitude, so the spam model still scales very well.

My point was more psychological than technological -- IM may be perceived as less interesting because it's not an open system like email. Yet.

>> [...]
>>
>> However, XMPP does not need to be perfect. You don't need to be
>> the fastest antelope in the herd to avoid being eaten by the lion,
>> you just need to be faster than the slow antelope who get caught.
>
> Well, I don't think that the anti-spam plan should be built on the
> existence of other less spam-proof networks, not even partly.

Why not? That's the reality. Perfection is not an option.

> Besides, lions will not only focus on the slow antelope but also on
> the fat one. And we want XMPP to become fat, don't we? ;-)

Heh.

> Sorry, but I'm not convinced. This sounds like a mixture of
> hoping-for-the-best and application of SMTP anti-spam techniques
> that have turned out to be rather wasteful.
>
> However, I see one advantage over SMTP, namely that there's still an
> almost completely non-commercial community that has some sort of
> central authority (XSF). So: Make a server whitelist!

Doesn't that introduce a single point of failure?

> https://www.xmpp.net/ is the first step in this direction. Only
> servers on this list make S2S traffic. Then, you need an automatic
> tool for measuring spam, something like SpamAssassin -- not for
> filtering but only for measurements. So it needn't be perfect. And
> every server that sends spam above a threshold is first warned and
> then removed from the list.
>
> This would break the potential benefit for spammers by *several*
> orders of magnitude, and then it is not worth it anymore.
>
> [SMTP can't do it because a) there is no significant authority and
> b) Hotmail, Gmail, GMX etc. can't sell their products anymore if
> there is no spam.]
>
> Maybe you had this in mind with your points 1-3, however, I didn't
> see it there.
I'm not a big fan of centralized solutions with single points of failure. Then the spammers simply need to attack xmpp.net and they can spam as much as they want. Better, I think, to use a distributed model where each server has "buddies" it trusts, and ask those buddy servers about new servers that appear on the network.

Peter

From stpeter at stpeter.im Mon Aug 11 08:51:23 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Mon, 11 Aug 2008 07:51:23 -0600
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To: <48A0344B.9000801@stpeter.im>
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de> <48A0344B.9000801@stpeter.im>
Message-ID: <48A043DB.60703@stpeter.im>

Peter Saint-Andre wrote:
> There is one tool to solve all problems.

Er, I meant to say: There is no one tool to solve all problems. :)

/psa

From stpeter at stpeter.im Tue Aug 19 11:38:50 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Tue, 19 Aug 2008 10:38:50 -0600
Subject: [Juser] end-to-end security discussions
Message-ID: <48AAF71A.1080905@stpeter.im>

BTW, we are having a fun discussion about end-to-end security on the security at xmpp.org list and could use some input from client developers, service administrators, and interested others about what kind of interaction model makes the most sense for end users (e.g., regarding identity and authentication).
The discussion starts here:

http://mail.jabber.org/pipermail/security/2008-August/000067.html

You can join the list via either of the following links:

mailto:security-subscribe at xmpp.org

http://mail.jabber.org/mailman/listinfo/security

See you there!

/psa

From lrbh406 at hotmail.com Tue Aug 19 12:42:13 2008
From: lrbh406 at hotmail.com (Leonardo Oliveira)
Date: Tue, 19 Aug 2008 17:42:13 +0000
Subject: [Juser] end-to-end security discussions
In-Reply-To: <48AAF71A.1080905@stpeter.im>
References: <48AAF71A.1080905@stpeter.im>
Message-ID:

remove

> Date: Tue, 19 Aug 2008 10:38:50 -0600
> From: stpeter at stpeter.im
> To: standards at xmpp.org; jdev at jabber.org; operators at xmpp.org; juser at jabber.org
> Subject: [Juser] end-to-end security discussions
>
> BTW, we are having a fun discussion about end-to-end security on the
> security at xmpp.org list and could use some input from client developers,
> service administrators, and interested others about what kind of
> interaction model makes the most sense for end users (e.g., regarding
> identity and authentication). The discussion starts here:
>
> http://mail.jabber.org/pipermail/security/2008-August/000067.html
>
> You can join the list via either of the following links:
>
> mailto:security-subscribe at xmpp.org
>
> http://mail.jabber.org/mailman/listinfo/security
>
> See you there!
>
> /psa
URL: From vetetix.3dxo7b at no-mx.jabberforum.org Sun Aug 10 10:31:14 2008 From: vetetix.3dxo7b at no-mx.jabberforum.org (vetetix) Date: Sun, 10 Aug 2008 17:31:14 +0200 Subject: [Juser] How is XMPP better than SMTP for spam prevention? Message-ID: Hi everyone, I've encountered many people saying that XMPP was better than SMTP for spam prevention, but I can't figure out how. I tried to find the reason why this is by myself, and I've tried to find an explanation through several Google searches, but I couldn't find any sufficient explanation, so I'm asking here. The argument that I've seen quite often is that with XMPP you can specify client side that you don't want to receive messages from unknown people, thus blocking most of the spam. The problem with this is that it blocks messages from any of your friends who isn't in your roster. Also, it forces you to add a contact in your roster if some service is likely to send you a message (which will be the case if XMPP is widely used for email one day). Finally, some mail providers have the option to block emails from unknown senders, so there is no advantage in using XMPP there, as it is a client side option in both cases. Is there another specification of the XMPP protocol that makes it more resistant to spam? I would be thinking of some sort of verification of the sender's identity, either by accepting only messages coming in a secure s2s channel, using a security certificate (not a self-signed certificate, a real one), or by verifying that the ip that sent an "from:foo at bar.com" message really is "bar.com". I don't see how XMPP could be more secure than SMTP regarding spam prevention without one of these two features, but I couldn't find anywhere on the net someone saying that it was the case. 
-- Thomas Arnoux -- vetetix ------------------------------------------------------------------------ vetetix's Profile: http://www.jabberforum.org/member.php?userid=17171 View this thread: http://www.jabberforum.org/showthread.php?t=564 From Lastwebpage.3dxvxn at no-mx.jabberforum.org Sun Aug 10 13:18:52 2008 From: Lastwebpage.3dxvxn at no-mx.jabberforum.org (Lastwebpage) Date: Sun, 10 Aug 2008 20:18:52 +0200 Subject: [Juser] How is XMPP better than SMTP for spam prevention? References: Message-ID: What about http://www.xmpp.org/extensions/xep-0159.html ? -- Lastwebpage ------------------------------------------------------------------------ Lastwebpage's Profile: http://www.jabberforum.org/member.php?userid=41 View this thread: http://www.jabberforum.org/showthread.php?t=564 From kevin at kismith.co.uk Sun Aug 10 15:18:37 2008 From: kevin at kismith.co.uk (Kevin Smith) Date: Sun, 10 Aug 2008 21:18:37 +0100 Subject: [Juser] How is XMPP better than SMTP for spam prevention? In-Reply-To: References: Message-ID: On Sun, Aug 10, 2008 at 4:31 PM, vetetix wrote: > I would be thinking of some sort of verification of > the sender's identity, either by accepting only messages coming in a > secure s2s channel, using a security certificate (not a self-signed > certificate, a real one), or by verifying that the ip that sent an > "from:foo at bar.com" message really is "bar.com". Right, the sending server's identity is assured - see RFC3920 for the details. /K From stpeter at stpeter.im Sun Aug 10 22:01:32 2008 From: stpeter at stpeter.im (Peter Saint-Andre) Date: Sun, 10 Aug 2008 21:01:32 -0600 Subject: [Juser] How is XMPP better than SMTP for spam prevention? In-Reply-To: References: Message-ID: <489FAB8C.5020102@stpeter.im> vetetix wrote: > I've encountered many people saying that XMPP was better than SMTP for > spam prevention, but I can't figure out how. 
I tried to find the reason > why this is by myself, and I've tried to find an explanation through > several Google searches, but I couldn't find any sufficient explanation, > so I'm asking here. I'll have to write a paper about this sometime, but here are some points to consider: 1. In XMPP, the sender's address is not asserted by the sender's client but instead is stamped by the sender's server. So a client can't fake the "from" address. (Naturally if you run the server you could fake addresses at your domain, so as the admin of jabber.org I could send messages from any address at jabber.org -- but I can't fake messages from other domains, see #2.) 2. In XMPP, servers check each other's identities, either through a DNS-based "dialback" protocol (RFC 3920 / XEP-0220) or real server certificates. So if I run a server at jabber.org I can't send messages putatively "from" microsoft.com or whitehouse.gov or whatever. (Also we don't have multi-hop routing, so modifications to the addresses can't happen between the sending server and receiving server.) 3. So far, server dialback has been sufficient to prevent most address spoofing on the network, but we have a certificate authority in place (visit https://www.xmpp.net/ for details) and we could fairly easily upgrade the network to certificate-based authentication between servers if needed. 4. XMPP is pure XML, and attackers can't easily attach malware like scripts and viruses to Jabber messages. This helps us avoid the unholy alliance between virus writers and spammers that has occurred on the email network. 5. A great deal of email spam (or spam+malware) is directed against a single platform: Outlook running on Windows. In the XMPP world we have a much more diverse software ecosystem. 6. In IM systems, people are accustomed to sharing presence / adding someone to their buddy list. There's less of a culture of "I must be able to accept messages from anyone in the world" as in email. 
You can say this is good or bad, but that's how it is -- so if someone bothers you, you can delete them from your friend list or block them at the server side (see RFC 3921 / XEP-0016) or the client side. 7. All XMPP server codebases have rate limiting in place to prevent a single client from sending a large number of messages (especially a large number of large messages) in a short period of time. 8. Although we have not seen very much one-to-one spam on the Jabber network (our biggest problem so far is abusive behavior in groupchat rooms), we are actively planning for the arrival of spam and have designed some spam-fighting measures such as challenge-response (CAPTCHA) forms to join groupchat rooms or add someone to your contact list -- see XEP-0158. 9. IM systems have traditionally been quite fragmented (and in many ways still are -- as witness ICQ, AIM, MSN, Yahoo!, Skype, etc.) so there isn't the expectation that you'll necessarily be able to send a message to any random person on the Internet. This probably makes IM less appealing to spammers than email is. (Remember, spam is a matter of economics, and there may simply not be enough money to be made via IM.) XMPP is not perfect. Spam is possible on our network, but it's not very easy. By design, spam is harder on the XMPP network than it is on the SMTP network, and if spam does start to occur more widely we will design and deploy even better spam-fighting tools (or, for instance, tighten up or turn off in-band registration, which is user-friendly but also makes it possible to create lots of accounts at multiple servers). However, XMPP does not need to be perfect. You don't need to be the fastest antelope in the herd to avoid being eaten by the lion, you just need to be faster than the slow antelope who get caught. Peter -------------- next part -------------- A non-text attachment was scrubbed... 
From bronger at physik.rwth-aachen.de Mon Aug 11 03:07:13 2008
From: bronger at physik.rwth-aachen.de (Torsten Bronger)
Date: Mon, 11 Aug 2008 10:07:13 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
References: <489FAB8C.5020102@stpeter.im>
Message-ID: <87vdy8ug9a.fsf@physik.rwth-aachen.de>

Hello there!

Let me turn into devil's advocate for this thread. :-)

Peter Saint-Andre writes:

> [...]
>
> 1. In XMPP, the sender's address is not asserted by the sender's
> client but instead is stamped by the sender's server. [...]
>
> 2. In XMPP, servers check each other's identities, either through
> a DNS-based "dialback" protocol (RFC 3920 / XEP-0220) or real
> server certificates. [...]
>
> 3. So far, server dialback has been sufficient to prevent most
> address spoofing on the network, but we have a certificate
> authority in place (visit https://www.xmpp.net/ for details) and
> we could fairly easily upgrade the network to certificate-based
> authentication between servers if needed.

Okay, but what do you do with this information? Maintaining blacklists? See below.

> 4. XMPP is pure XML, and attackers can't easily attach malware
> like scripts and viruses to Jabber messages. [...]

If XMPP becomes more important in daily communication, it will also be used more intensively to transfer binary data. The same happened to email in its history. So it will be the same as with email: sane client implementations must save us rather than the protocol itself. By the way, malware-via-http-link and phishing work for XMPP, too.

> 5. A great deal of email spam (or spam+malware) is directed against
> a single platform: Outlook running on Windows. [...]

I don't think so. While I strongly dislike the use of Outlook, it is not the bad Outlook anymore from four years ago. The most recent UPS virus email hit a couple of Thunderbird-using colleagues.
If you really want to start the malicious attachment, no email client can help you.

> 6. In IM systems, people are accustomed to sharing presence /
> adding someone to their buddy list. [...]

Subscription requests are enough for spammers.

> 7. All XMPP server codebases have rate limiting in place to
> prevent a single client from sending a large number of messages
> [...] in a short period of time.

Then generate a lot of pseudo users in a spamming server.

> [...]
>
> 9. IM systems have traditionally been quite fragmented (and in
> many ways still are -- as witness ICQ, AIM, MSN, Yahoo!, Skype,
> etc.) so there isn't the expectation that you'll necessarily be
> able to send a message to any random person on the Internet. [...]

As long as a message costs hardly a milli-lira, it is not significant to spammers whether they reach X people, or X/. In (their) worst case, they lose only one order of magnitude, so the spam model still scales very well.

> [...]
>
> However, XMPP does not need to be perfect. You don't need to be
> the fastest antelope in the herd to avoid being eaten by the lion,
> you just need to be faster than the slow antelope who get caught.

Well, I don't think that the anti-spam plan should be built on the existence of other less spam-proof networks, not even partly. Besides, lions will not only focus on the slow antelope but also on the fat one. And we want XMPP to become fat, don't we? ;-)

Sorry but I'm not convinced. This sounds like a mixture of hoping-for-the-best and application of SMTP anti-spam techniques that have turned out to be rather wasteful.

However, I see one advantage over SMTP, namely that there's still an almost completely non-commercial community that has some sort of central authority (XSF). So: Make a server whitelist! https://www.xmpp.net/ is the first step in this direction. Only servers on this list make S2S traffic.
Then, you need an automatic tool for measuring spam, something like SpamAssassin -- not for filtering but only for measurements. So it needn't be perfect. And every server that sends spam above a threshold is first warned and then removed from the list.

This would break the potential benefit for spammers by *several* orders of magnitude, and then it is not worth it anymore.

[SMTP can't do it because a) there is no significant authority and b) Hotmail, Gmail, GMX etc. can't sell their products anymore if there is no spam.]

Maybe you had this in mind with your points 1-3, however, I didn't see it there.

Bye,
Torsten.

--
Torsten Bronger, aquisgrana, europa vetus
Jabber ID: torsten.bronger at jabber.rwth-aachen.de

From Lastwebpage.3dz4kc at no-mx.jabberforum.org Mon Aug 11 05:22:49 2008
From: Lastwebpage.3dz4kc at no-mx.jabberforum.org (Lastwebpage)
Date: Mon, 11 Aug 2008 12:22:49 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID:

Hello

I notice another point where I see no solution, and I must admit I have no good ideas either, but it's similar to email spam. After spending some thought on it, I think this is the main point of all spam problems.

What about the JID creation?
If I were a spammer, I would create an account on jabber.org. After I got the JID I would start my program, which connects to different servers, searches for users in MUCs or uses the user directories, and hope that enough people buy my little blue pills.

After some hours I notice that some servers start to block my spam messages. oooohhhh, okay, visiting jabber.org again to get a new JID costs 10 seconds... :p

Some kind of CAPTCHA will not prevent me from creating a new JID; it would only block, maybe, my spam app from doing this automatically.

====================================

Some questions about this:

- Why is there no time delay between the click on the "register" button and the JID creation?
If I am a regular user I can wait one hour or longer before I get my JID for Jabber. There is no need for me to get this JID immediately.

- Why is there not any kind of authentication? On every moderated mailing list, email account or other web service I get an email with a confirmation link. Sure, these emails are not the best solution, but better than nothing.

Peter

--
Lastwebpage

From bronger at physik.rwth-aachen.de Mon Aug 11 06:24:39 2008
From: bronger at physik.rwth-aachen.de (Torsten Bronger)
Date: Mon, 11 Aug 2008 13:24:39 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID: <87od3zvloo.fsf@physik.rwth-aachen.de>

Hello there!

Lastwebpage writes:

> Hello
> I notice another point where I see no solution, and I must admit I
> have no good ideas either, but it's similar to email spam. After spending
> some thought on it, I think this is the main point of all spam problems.
>
> What about the JID creation?
> If I were a spammer, I would create an account on jabber.org.
> After I got the JID I would start my program, which connects to different
> servers, searches for users in MUCs or uses the user directories, and hope
> that enough people buy my little blue pills.
>
> After some hours I notice that some servers start to block my
> spam messages. oooohhhh, okay, visiting jabber.org again to get a new JID
> costs 10 seconds... :p

This is what Peter Saint-Andre meant with

>>> (or, for instance, tighten up or turn off in-band registration,
>>> which is user-friendly but also makes it possible to create lots
>>> of accounts at multiple servers).

I'd love to keep this feature, though.

Bye,
Torsten.
--
Torsten Bronger, aquisgrana, europa vetus
Jabber ID: torsten.bronger at jabber.rwth-aachen.de

From lambda512 at gmail.com Mon Aug 11 07:39:38 2008
From: lambda512 at gmail.com (naw)
Date: Mon, 11 Aug 2008 14:39:38 +0200
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To:
References: <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID: <200808111439.50599.lambda512@gmail.com>

On Monday 11 August 2008, Lastwebpage wrote:

> Some questions about this:
> - Why is there no time delay between the click on the "register" button
> and the JID creation?

The spammer could create idle accounts while spamming, and when his current account gets blocked, he simply picks one of the accounts created before. I think that for that kind of thing it would be better to force sending an email with a confirmation link.

> If I am a regular user I can wait one hour or longer before I get my
> JID for Jabber. There is no need for me to get this JID immediately.

Maybe you, but imagine that I'm explaining to somebody how to connect to Jabber (e.g. because his legacy system is offline): Ok, open your client, choose a username, click register, now wait an hour.... At this point I prefer not to see his/her face. And in an hour, the legacy service will have come back online again.

> - Why is there not any kind of authentication?
> On every moderated mailing list, email account or other web service I
> get an email with a confirmation link. Sure, these emails are not the
> best solution, but better than nothing.

--
Jabber-ID: lambda512 at jabberes.org
lambda512 at gmail.com

From stpeter at stpeter.im Mon Aug 11 07:32:26 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Mon, 11 Aug 2008 06:32:26 -0600
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To: <87od3zvloo.fsf@physik.rwth-aachen.de>
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de> <87od3zvloo.fsf@physik.rwth-aachen.de>
Message-ID: <48A0315A.90309@stpeter.im>

Torsten Bronger wrote:
> Hello there!
>
> Lastwebpage writes:
>
>> Hello
>> I notice another point where I see no solution, and I must admit I
>> have no good ideas either, but it's similar to email spam. After spending
>> some thought on it, I think this is the main point of all spam problems.
>>
>> What about the JID creation?
>> If I were a spammer, I would create an account on jabber.org.
>> After I got the JID I would start my program, which connects to different
>> servers, searches for users in MUCs or uses the user directories, and hope
>> that enough people buy my little blue pills.
>>
>> After some hours I notice that some servers start to block my
>> spam messages. oooohhhh, okay, visiting jabber.org again to get a new JID
>> costs 10 seconds... :p
>
> This is what Peter Saint-Andre meant with
>
>>>> (or, for instance, tighten up or turn off in-band registration,
>>>> which is user-friendly but also makes it possible to create lots
>>>> of accounts at multiple servers).
>
> I'd love to keep this feature, though.

That's why we're defining CAPTCHA forms (which can be used for in-band registration, joining groupchat rooms, etc.):

http://www.xmpp.org/extensions/xep-0158.html

Not that CAPTCHAs are a perfect technology either! But if we truly started to experience the kinds of attacks you're talking about, we would also combine tighter in-band registration with things like IP blocking (as well as existing tools like rate limiting). Remember, perfection is not an option. :)

Peter
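The rate limiting of point 7 and the tighter in-band registration with IP blocking that Peter describes in the post above, as an added example in Python that is not from the thread nor from any XMPP server. Torsten's objection is that a per-account limit is defeated by registering many accounts, so the second class keys on the registering IP rather than on the JID and escalates: the first registration in an hour passes, the next few are answered with a challenge (the point at which an XEP-0158 CAPTCHA form would be served; the form itself is not implemented here), and beyond that the IP is blocked for a day. The per-sender limiter budgets both stanza count and bytes, so a few very large stanzas are throttled as well as many small ones. All thresholds, the IP address, the JIDs and the sample traffic are assumptions made for the demo.

```python
from collections import defaultdict, deque


class TokenBucket:
    """Classic token bucket: `capacity` tokens, refilled at `rate` per second."""
    def __init__(self, capacity, rate):
        self.capacity = capacity
        self.rate = rate
        self.tokens = float(capacity)
        self.updated = None

    def available(self, now):
        if self.updated is None:
            self.updated = now
        self.tokens = min(self.capacity, self.tokens + (now - self.updated) * self.rate)
        self.updated = now
        return self.tokens

    def deduct(self, amount):
        self.tokens -= amount


class StanzaLimiter:
    """Per-sender limit on stanza count *and* total bytes (point 7: many
    messages, and especially many large messages, in a short time)."""
    def __init__(self, burst=30, per_sec=1.0, byte_burst=64_000, bytes_per_sec=2_000.0):
        self.count = defaultdict(lambda: TokenBucket(burst, per_sec))
        self.size = defaultdict(lambda: TokenBucket(byte_burst, bytes_per_sec))

    def allow(self, bare_jid, stanza_len, now):
        c, s = self.count[bare_jid], self.size[bare_jid]
        # check both budgets before deducting either, so a refused stanza costs nothing
        if c.available(now) < 1 or s.available(now) < stanza_len:
            return False
        c.deduct(1)
        s.deduct(stanza_len)
        return True


class RegistrationPolicy:
    """In-band registration throttle keyed by source IP, with escalation:
    allow -> challenge (serve a CAPTCHA form) -> block, plus a temporary IP ban."""
    def __init__(self, free=1, challenged=5, window=3600, ban=86400):
        self.free, self.challenged = free, challenged
        self.window, self.ban = window, ban
        self.recent = defaultdict(deque)   # ip -> timestamps of recent registrations
        self.banned = {}                   # ip -> ban expiry

    def decide(self, ip, now):
        if self.banned.get(ip, 0) > now:
            return "block"
        q = self.recent[ip]
        while q and now - q[0] > self.window:
            q.popleft()                    # forget registrations outside the window
        if len(q) >= self.challenged:
            self.banned[ip] = now + self.ban
            return "block"
        q.append(now)
        return "allow" if len(q) <= self.free else "challenge"


def demo():
    lim = StanzaLimiter()
    t0 = 1_000_000.0
    # constructed flood: one account sends 100 small stanzas within a tenth of a second
    small = [lim.allow("spammer@jabber.org", 200, t0 + i * 0.001) for i in range(100)]
    # a single 100 kB stanza from a fresh account is refused on the byte budget alone
    big = lim.allow("other@jabber.org", 100_000, t0)
    # 30 s later the flooder has earned its burst back and may send again
    later = lim.allow("spammer@jabber.org", 200, t0 + 30.0)

    reg = RegistrationPolicy()
    # constructed: 10 registration attempts from one IP, ten seconds apart
    decisions = [reg.decide("203.0.113.7", t0 + 10 * i) for i in range(10)]
    # same IP a day and a bit later: the ban has expired and the window is empty
    after_ban = reg.decide("203.0.113.7", t0 + 86400 + 3600 + 200)
    return {
        "allowed_small": sum(small),
        "big_refused": not big,
        "later_allowed": later,
        "registrations": decisions,
        "after_ban": after_ban,
    }


if __name__ == "__main__":
    print(demo())
```

The escalation ladder is what lets a server keep in-band registration switched on, as Torsten wants, while still raising the cost per account: a human doing one sign-up sees nothing, an operator walking a few colleagues through it from one office IP sees a CAPTCHA, and a script gets cut off. It is a per-server mitigation only; an attacker with many source addresses, or many servers that allow open registration, is the case Peter's later reply leaves to rogue-server reporting.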
From stpeter at stpeter.im Mon Aug 11 07:44:59 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Mon, 11 Aug 2008 06:44:59 -0600
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To: <87vdy8ug9a.fsf@physik.rwth-aachen.de>
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de>
Message-ID: <48A0344B.9000801@stpeter.im>

Torsten Bronger wrote:
> Hello there!
>
> Let me turn into devil's advocate for this thread. :-)
>
> Peter Saint-Andre writes:
>
>> [...]
>>
>> 1. In XMPP, the sender's address is not asserted by the sender's
>> client but instead is stamped by the sender's server. [...]
>>
>> 2. In XMPP, servers check each other's identities, either through
>> a DNS-based "dialback" protocol (RFC 3920 / XEP-0220) or real
>> server certificates. [...]
>>
>> 3. So far, server dialback has been sufficient to prevent most
>> address spoofing on the network, but we have a certificate
>> authority in place (visit https://www.xmpp.net/ for details) and
>> we could fairly easily upgrade the network to certificate-based
>> authentication between servers if needed.
>
> Okay, but what do you do with this information? Maintaining
> blacklists? See below.

If someone runs an abusive server and they've received a certificate from the CA we run, we can revoke their cert. But the issue at hand was not rogue servers, it was address spoofing and weak identity.

>> 4. XMPP is pure XML, and attackers can't easily attach malware
>> like scripts and viruses to Jabber messages. [...]
>
> If XMPP becomes more important in daily communication, it will be
> also more intensively used to transfer binary data.

Agreed. See for instance:

http://www.xmpp.org/extensions/xep-0231.html

We need to be careful about how we use such technologies.

> The same
> happened to email in its history.
> So it will be the same as with
> email: sane client implementations must save us rather than the
> protocol itself. By the way, malware-via-http-link and phishing
> work for XMPP, too.

Sure it does. Lots of end users are not very smart about whether or not to click a link. No technology solution is going to solve that problem.

>> 5. A great deal of email spam (or spam+malware) is directed against
>> a single platform: Outlook running on Windows. [...]
>
> I don't think so. While I strongly dislike the use of Outlook, it
> is not the bad Outlook anymore from four years ago. The most recent
> UPS virus email hit a couple of Thunderbird-using colleagues. If you
> really want to start the malicious attachment, no email client can
> help you.

Perhaps. I have not studied the matter in great detail.

>> 6. In IM systems, people are accustomed to sharing presence /
>> adding someone to their buddy list. [...]
>
> Subscription requests are enough for spammers.

But we can use CAPTCHA forms for that, too:

http://www.xmpp.org/extensions/xep-0158.html

See also here:

http://www.xmpp.org/extensions/xep-0158.html

There is one tool to solve all problems.

>> 7. All XMPP server codebases have rate limiting in place to
>> prevent a single client from sending a large number of messages
>> [...] in a short period of time.
>
> Then generate a lot of pseudo users in a spamming server.

Then you're a rogue server and we'll block you (once we have better tools to communicate the existence of rogue servers and abusive traffic, see http://www.xmpp.org/extensions/xep-0161.html etc.).

>> [...]
>>
>> 9. IM systems have traditionally been quite fragmented (and in
>> many ways still are -- as witness ICQ, AIM, MSN, Yahoo!, Skype,
>> etc.) so there isn't the expectation that you'll necessarily be
>> able to send a message to any random person on the Internet. [...]
>
> As long as a message costs hardly a milli-lira, it is not
> significant to spammers whether they reach X people, or
> X/.
> In (their) worst case, they lose only one
> order of magnitude, so the spam model still scales very well.

My point was more psychological than technological -- IM may be perceived as less interesting because it's not an open system like email. Yet.

>> [...]
>>
>> However, XMPP does not need to be perfect. You don't need to be
>> the fastest antelope in the herd to avoid being eaten by the lion,
>> you just need to be faster than the slow antelope who get caught.
>
> Well, I don't think that the anti-spam plan should be built on the
> existence of other less spam-proof networks, not even partly.

Why not? That's the reality. Perfection is not an option.

> Besides, lions will not only focus on the slow antelope but also on
> the fat one. And we want XMPP to become fat, don't we? ;-)

Heh.

> Sorry but I'm not convinced. This sounds like a mixture of
> hoping-for-the-best and application of SMTP anti-spam techniques
> that have turned out to be rather wasteful.
>
> However, I see one advantage over SMTP, namely that there's still an
> almost completely non-commercial community that has some sort of
> central authority (XSF). So: Make a server whitelist!

Doesn't that introduce a single point of failure?

> https://www.xmpp.net/ is the first step in this direction. Only
> servers on this list make S2S traffic. Then, you need an automatic
> tool for measuring spam, something like SpamAssassin -- not for
> filtering but only for measurements. So it needn't be perfect. And
> every server that sends spam above a threshold is first warned and
> then removed from the list.
>
> This would break the potential benefit for spammers by *several*
> orders of magnitude, and then it is not worth it anymore.
>
> [SMTP can't do it because a) there is no significant authority and
> b) Hotmail, Gmail, GMX etc. can't sell their products anymore if
> there is no spam.]
>
> Maybe you had this in mind with your points 1-3, however, I didn't
> see it there.
I'm not a big fan of centralized solutions with single points of failure. Then the spammers simply need to attack xmpp.net and they can spam as much as they want. Better, I think, to use a distributed model where each server has "buddies" it trusts, and ask those buddy servers about new servers that appear on the network.

Peter

From stpeter at stpeter.im Mon Aug 11 08:51:23 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Mon, 11 Aug 2008 07:51:23 -0600
Subject: [Juser] How is XMPP better than SMTP for spam prevention?
In-Reply-To: <48A0344B.9000801@stpeter.im>
References: <489FAB8C.5020102@stpeter.im> <87vdy8ug9a.fsf@physik.rwth-aachen.de> <48A0344B.9000801@stpeter.im>
Message-ID: <48A043DB.60703@stpeter.im>

Peter Saint-Andre wrote:
> There is one tool to solve all problems.

Er, I meant to say: There is no one tool to solve all problems. :)

/psa

From stpeter at stpeter.im Tue Aug 19 11:38:50 2008
From: stpeter at stpeter.im (Peter Saint-Andre)
Date: Tue, 19 Aug 2008 10:38:50 -0600
Subject: [Juser] end-to-end security discussions
Message-ID: <48AAF71A.1080905@stpeter.im>

BTW, we are having a fun discussion about end-to-end security on the security at xmpp.org list and could use some input from client developers, service administrators, and interested others about what kind of interaction model makes the most sense for end users (e.g., regarding identity and authentication).
The discussion starts here:

http://mail.jabber.org/pipermail/security/2008-August/000067.html

You can join the list via either of the following links:

mailto:security-subscribe at xmpp.org
http://mail.jabber.org/mailman/listinfo/security

See you there!

/psa

From lrbh406 at hotmail.com Tue Aug 19 12:42:13 2008
From: lrbh406 at hotmail.com (Leonardo Oliveira)
Date: Tue, 19 Aug 2008 17:42:13 +0000
Subject: [Juser] end-to-end security discussions
In-Reply-To: <48AAF71A.1080905@stpeter.im>
References: <48AAF71A.1080905@stpeter.im>
Message-ID:

remove

> Date: Tue, 19 Aug 2008 10:38:50 -0600
> From: stpeter at stpeter.im
> To: standards at xmpp.org; jdev at jabber.org; operators at xmpp.org; juser at jabber.org
> Subject: [Juser] end-to-end security discussions
>
> BTW, we are having a fun discussion about end-to-end security on the
> security at xmpp.org list and could use some input from client developers,
> service administrators, and interested others about what kind of
> interaction model makes the most sense for end users (e.g., regarding
> identity and authentication). The discussion starts here:
>
> http://mail.jabber.org/pipermail/security/2008-August/000067.html
>
> You can join the list via either of the following links:
>
> mailto:security-subscribe at xmpp.org
>
> http://mail.jabber.org/mailman/listinfo/security
>
> See you there!
>
> /psa