[Council] Fw: jabber "ssh" comments

Peter Millard me at pgmillard.com
Wed Nov 12 18:05:56 CST 2003


----- Original Message ----- 
From: "Dave Smith" <dizzyd at jabber.org>


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Comments from the security mafia....
> 
> Begin forwarded message:
> > From: Joe Hildebrand <jhildebrand at jabber.com>
> >
> > From perry, one of the "security mafia".  I'm asking him to post on 
> > temas' wiki.
> >
> > Begin forwarded message:
> >
> >> From: Perry E. Metzger <perry at piermont.com>
> >> Date: November 12, 2003 1:44:28 PM CST
> >> To: jhildebrand at jabber.com
> >> Subject: jabber "ssh" comments
> >>
> >>
> >> This is just from a quick once over -- I can look at it in detail if
> >> needed.
> >>
> >>> Traditionally, creating an end-to-end encrypted session between two
> >>> Jabber endpoints has required the use of a PKI system such as PGP or
> >>> GPG (see, for example, Current Jabber OpenPGP Usage
> >>> [1]). Integrating
> >>> with PGP/GPG is problematic due to a lack of solid SDKs.
> >>
> >> Well, sure, but SDKs != protocol problems. Just because an SDK is
> >> lacking doesn't mean you need a different protocol -- it means you
> >> need a better SDK.
> >>
> >>> Additionally, there
> >>> are efficiency issues with using PKI-based encryption and signatures
> >>> for every message.
> >>
> >> PKI != "public key" -- that usage is misguided.
> >>
> >> I've been using gpg for encrypting all my messages to several people
> >> for the last few days. It hasn't been much of a problem in practice
> >> for me. I agree that performance might be an issue on handhelds,
> >> though Moore's Law will take care of that. That said, I'd say that in
> >> general this is likely the most reasonable cause for wanting something
> >> better.
> >>
> >>> Finally, the way in which the PGP/GPG integration
> >>> is currently used is susceptible to replay attacks.
> >>
> >> Yah, but that's trivially fixed by adding sequence numbers into the
> >> inside of the messages being encrypted. (It is also the case that you
> >> could in theory block it even without that -- you can detect a replay
> >> of a PGP'ed message if you save some information about the messages
> >> because PGP ends up putting a lot of per-message generated stuff into
> >> messages.)
> >>
> >> My once over of the protocol itself is that it isn't terribly bad, but
> >> that it has to be very carefully examined to make sure the security
> >> properties are okay. It also has to be rewritten much more
> >> carefully. My more important note is that it does not solve the key
> >> management problem at all.
> >>
> >> Perry
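Perry's two replay remarks above, a sequence number carried inside the encrypted payload and, as a fallback, remembering per-message material so that an identical message is recognised the second time, worked through as an added stand-alone example. This is not code from the thread or from the Jabber proposal; the cipher is a toy keystream built from HMAC-SHA256 so that the example runs on the Python standard library alone (a real implementation would use a vetted AEAD), and the key, the JSON message layout and the names `seal` and `Receiver` are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import os

# Constructed demo key; a real session would derive this from the key exchange.
DEMO_KEY = hashlib.sha256(b"constructed demo key, not a real session key").digest()

NONCE_LEN = 12
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys so the two uses never collide."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(enc_key, nonce || counter) in counter mode."""
    blocks, produced, counter = [], 0, 0
    while produced < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        blocks.append(block)
        produced += len(block)
        counter += 1
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, seq: int, body: str) -> bytes:
    """Encrypt-then-MAC a message whose plaintext carries the sequence number.

    Because seq sits inside the encrypted, authenticated payload, an attacker
    can neither read nor alter it without being caught by the tag check.
    """
    plaintext = json.dumps({"seq": seq, "body": body}).encode()
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


class Receiver:
    """Rejects tampered packets, exact replays, and stale sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0   # highest sequence number accepted so far
        self.seen = set()   # fingerprints of accepted packets (the fallback check)

    def open(self, packet: bytes) -> str:
        if len(packet) < NONCE_LEN + TAG_LEN:
            raise ValueError("truncated packet")
        nonce = packet[:NONCE_LEN]
        ciphertext = packet[NONCE_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        expected = hmac.new(_subkey(self.key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("authentication failed")
        # Fallback replay check: the random nonce makes every honest packet
        # unique, so an identical packet can only be a replay.
        fingerprint = hashlib.sha256(packet).digest()
        if fingerprint in self.seen:
            raise ValueError("replay: identical packet seen before")
        plaintext = _xor(ciphertext, _keystream(_subkey(self.key, b"enc"), nonce, len(ciphertext)))
        msg = json.loads(plaintext)
        # Primary replay check: the sequence number must move strictly forward.
        if msg["seq"] <= self.last_seq:
            raise ValueError(f"replay: seq {msg['seq']} not above {self.last_seq}")
        self.last_seq = msg["seq"]
        self.seen.add(fingerprint)
        return msg["body"]


if __name__ == "__main__":
    rx = Receiver(DEMO_KEY)
    first = seal(DEMO_KEY, 1, "hello")
    print(rx.open(first))
    try:
        rx.open(first)
    except ValueError as exc:
        print("rejected:", exc)
```

The fingerprint set catches a byte-for-byte resend on its own, which is the detection Perry describes for PGP messages; the sequence number additionally catches a freshly encrypted message that re-uses an old number, which the fingerprint cannot. The strict "must exceed the last accepted" rule drops legitimately reordered messages; a transport that reorders would replace it with a sliding acceptance window.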