[JDEV] Security (was: anonymous users)
jeremie at jabber.org
Fri Jan 15 03:03:39 CST 1999
> Anonymous users are a good idea, as long as they are identified as such,
> but deciding that we don't need any security apart from client-client
> and a simple textual password is a rather limited vision I think.
> The framework for building a secure system must be there, even if
> many transports are not secure.
With the way it works right now, I think the framework is already there to
overlay security w/o really changing the functionality underneath... but
if it can be added w/o overcomplicating things or limiting functionality,
I'm all for it!
> For example, we could assign transport security levels, ranging from
> fully authenticated and encrypted, through encrypted authentication
> but plaintext transmitted, to plaintext authenticated, and
> finally unauthenticated.
> A server should alter the security level of a message based on the
> authentication level and its trust of the transmitting client or server.
Wouldn't that require integrating some sort of encryption/decryption
engine everywhere? Since things can be plugged in anywhere and
transported/relayed through various processes, the "secure" transport will
have to pass through many "insecure" layers before reaching a "secure"
Jabber transport or client...
There is no reason that a "secure" server couldn't be written that uses
encryption everywhere, for all securly connected users and trusted
transports... this would actually be a very good thing for those that
want the best in security!
> At the very least I want to make it very hard for people to pretend
> to be me without having to go the public/private key path. This
> includes faking presence.
I honestly don't see how that is possible in any way w/o a public/private
key structure. Sure, there are a good deal of things that can be done to
make it very difficult to do this, but ultimately the only thing I know of
that will guarantee this is keys.
> This is a good point. I have a system which progessively gives a user
> worse performance if they abuse the system. A good principle is to have
> a user's performance behave twice as bad than if everybody was doing the
> same as they were. I do this by introducing artificial delays to responses
> once their "load average" reaches a certain level.
Hmm... I like this idea... the more you abuse, the less you use :)
To be honest, I'll be quite happy when Jabber attains the popularity where
"abuse" issues become a problem. Anonymous users are identified by the
scoket they are using, and the server can be programmed with reasonable
restriction to help curb abuse when it starts becoming a problem(or before
when we can better identify the ways this can happen and it's under
heavier use/testing by us).
More information about the JDev