[xmppwg] Review of draft-meyer-xmpp-sasl-cert-management-01

Kurt Zeilenga Kurt.Zeilenga at Isode.com
Sat Mar 21 11:39:15 CDT 2009 

On Mar 21, 2009, at 8:55 AM, Eric Rescorla wrote:

>
>
> On Mar 21, 2009, at 8:34 AM, Kurt Zeilenga <Kurt.Zeilenga at Isode.com>  
> wrote:
>
>> Also, why certificates to begin with?  why not pre-shared keys?   
>> If, as Eric notes, the certificate is just key carrier, why bother  
>> with certificates?  I think the answer is that you intend to stuff  
>> authorization information into the certificate and hence the  
>> certificate is not just a key carrier.
>
> As I said, tls can't work with bare keys

Sorry, yes, if you want to do public key authentication with TLS, you  
do need certificates.

But why use public key authentication here?  Why not pre-shared keys  
(TLS-PSK) here?

Actually, the root of my question is why solve this problem (loss of a  
device holding a secret used to gain access to a service) with  
certificates, instead of some other forms of credentials?   Why  
require a device to support multiple authentication mechanisms (a  
password based mechanism and a certificate based mechanism)?

Solving this problem with certificates seems like a lot of protocol  
work, a lot of client development, for a problem which can be  
generically solved with a bit of credential set management (via XMPP  
Ad hoc commands).  Generic credential set management can be utilize  
the existing ad-hoc command mechanisms, and hence not require any new  
protocol nor any new client development (excepting to add ad hoc  
command support to clients managing the credential sets (not necessary  
for clients merely using a credential set).

By generic I mean that the credential set management could be used to  
manage a wide variety of credentials types, leaving the choice of  
which types of credentials are to be used in any particular case to  
service administrator and/or user.

I also think it odd that folks think a device knowing the user's  
password, as required to obtain a certificate, would actually bother  
to obtain such a certificate.   It would likely simply continue using  
the password, and the user has to worry about the device properly  
forgetting the password.  Better never to give the password to the  
device if you don't want it using it more than than once.

-- Kurt

More information about the xmppwg mailing list