[xmppwg] Review of draft-meyer-xmpp-sasl-cert-management-01
Kurt.Zeilenga at Isode.com
Sat Mar 21 11:39:15 CDT 2009
On Mar 21, 2009, at 8:55 AM, Eric Rescorla wrote:
> On Mar 21, 2009, at 8:34 AM, Kurt Zeilenga <Kurt.Zeilenga at Isode.com>
>> Also, why certificates to begin with? why not pre-shared keys?
>> If, as Eric notes, the certificate is just key carrier, why bother
>> with certificates? I think the answer is that you intend to stuff
>> authorization information into the certificate and hence the
>> certificate is not just a key carrier.
> As I said, tls can't work with bare keys
Sorry, yes, if you want to do public key authentication with TLS, you
do need certificates.
But why use public key authentication here? Why not pre-shared keys
Actually, the root of my question is why solve this problem (loss of a
device holding a secret used to gain access to a service) with
certificates, instead of some other forms of credentials? Why
require a device to support multiple authentication mechanisms (a
password based mechanism and a certificate based mechanism)?
Solving this problem with certificates seems like a lot of protocol
work, a lot of client development, for a problem which can be
generically solved with a bit of credential set management (via XMPP
Ad hoc commands). Generic credential set management can be utilize
the existing ad-hoc command mechanisms, and hence not require any new
protocol nor any new client development (excepting to add ad hoc
command support to clients managing the credential sets (not necessary
for clients merely using a credential set).
By generic I mean that the credential set management could be used to
manage a wide variety of credentials types, leaving the choice of
which types of credentials are to be used in any particular case to
service administrator and/or user.
I also think it odd that folks think a device knowing the user's
password, as required to obtain a certificate, would actually bother
to obtain such a certificate. It would likely simply continue using
the password, and the user has to worry about the device properly
forgetting the password. Better never to give the password to the
device if you don't want it using it more than than once.
More information about the xmppwg