Aaron Brady (insomnike) rewt at clubi.ie
Mon Aug 9 11:05:57 CDT 1999

: >I have no issue with requiring that the user carry around a file which
: >contains his contact list and personal keyset. I don't like the idea of
: >storing the keys on a server, even if they are password protected....
: >security, like all things, is only as strong as the weakest link, and the
: >user password is usually that link. An 8 character password is at most 64
: >bits strong, in reality an 8 character password is usually much closer to 20
: >bits strong due to people's choices of passwords (i.e. no one uses the upper
: >ASCII characters...). Hope to talk to you again soon.
: Security based point of view..  NOT a bad one, just different..  
: A client system could easily be made that would not store this data 
: on the server, but on disk.  Again, we could implement that part of it, 
: but completely throwing away the idea of being 'Grandma's Instant 
: Messenger' would be out of the question..

Really though, storing privkeys on a server is a big no-no. It defeats the
purpose of using it for authentication and encryption.

For example, (and afaik) in the regular Jabber scheme, a person is
authenticated by a username and password. Then messages coming from
this person are 'known' to be real, because the person has to auth
with the server.

If the server is compromised, then there is no reassurance a person
is who they say they are.

Therefore, people use digital signatures. You can trust a digsig
from me if it's a) signed by someone you trust, and b) you believe
I am the only person with access to it.

If my privkey is stored on the server, locked by my Jabber password,
then anyone who can get my password OR compromise the server, can 'be'
me. This provides no more security than the password-only system,
and requires considerably more work.

I envisage a system, where only one of the Jabber user's 'nicks' is
crypto-enabled, it being the one that currently has the key. When
a crypted message is sent (in the <ext> tags?) a plaintext message
is sent to the non-crypto clients informing them that someone has
sent a message they can't read. It would be nice, if perhaps
user-unfriendly, to enforce the policy that only one crypto-enabled
nick is active per user, as this is the only policy that truly
guarantees security.

While we have to aim for 'Grandma's IM', we shouldn't do so by sacrificing
security, or features. Does _your_ grandma use crypto?

 "I don't really love computers, I just say that to get them
  into bed with me" -- Terry Pratchett
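The argument above (a server-held private key wrapped under the Jabber password is no stronger than the password, and whoever holds the server's copy can guess at it offline) as an added, self-contained illustration. This is not code from the post or from the Jabber project: the key file, password and wordlist are constructed sample values, the PBKDF2 round count is deliberately low so the demo runs quickly, and HMAC-SHA256 in counter mode is used as a stand-in stream cipher only because the Python standard library has no AES; none of the security point depends on that choice.

```python
import hashlib
import hmac
import os

# Constructed sample values (assumptions for this illustration only).
SAMPLE_PRIV_KEY = b"-----BEGIN FAKE PRIVATE KEY-----constructed-----"
SAMPLE_PASSWORD = "letmein1"           # 8 chars, but a predictable choice
WORDLIST = ["password", "qwerty12", "jabber99", "letmein1", "hunter2"]
PBKDF2_ROUNDS = 2000                   # kept low so the demo runs fast
KEY_LEN = 32


def _derive_key(password: str, salt: bytes) -> bytes:
    """Derive the wrapping key from the user's password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ROUNDS, dklen=KEY_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 driven counter-mode keystream (stand-in for AES-CTR)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def wrap_private_key(priv_key: bytes, password: str) -> bytes:
    """Encrypt priv_key under a password-derived key.

    Layout of the blob the server would store: salt | nonce | ciphertext | tag.
    The tag lets the legitimate client detect a mistyped password, which is
    exactly what also lets an attacker holding the blob test guesses offline.
    """
    salt = os.urandom(16)
    nonce = os.urandom(16)
    key = _derive_key(password, salt)
    ct = bytes(a ^ b for a, b in zip(priv_key, _keystream(key, nonce, len(priv_key))))
    tag = hmac.new(key, salt + nonce + ct, "sha256").digest()
    return salt + nonce + ct + tag


def unwrap_private_key(blob: bytes, password: str):
    """Return the private key, or None if the password is wrong (tag mismatch)."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    key = _derive_key(password, salt)
    expected = hmac.new(key, salt + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def offline_guess(blob: bytes, candidates):
    """What a compromised server (or anyone who copied the blob) can do.

    No login, no rate limit, no lockout: each guess costs one key derivation,
    so the wrapped key is worth exactly as much as the password's entropy.
    Returns the recovered password, or None if no candidate matched.
    """
    for guess in candidates:
        if unwrap_private_key(blob, guess) is not None:
            return guess
    return None


# The blob as it would sit on the server.
SAMPLE_BLOB = wrap_private_key(SAMPLE_PRIV_KEY, SAMPLE_PASSWORD)

if __name__ == "__main__":
    print("legit client recovers key:",
          unwrap_private_key(SAMPLE_BLOB, SAMPLE_PASSWORD) == SAMPLE_PRIV_KEY)
    print("attacker with the blob recovers password:",
          offline_guess(SAMPLE_BLOB, WORDLIST))
```

A stronger KDF (more rounds, scrypt or Argon2) raises the cost per guess but does not change the conclusion: the server copy reduces the private key to the password's strength, and a password guessed from a wordlist unlocks the signing key just as it unlocks the account.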

More information about the JDev mailing list