[jdev] manifesto 0.4
holler at ahsoftware.de
Thu Nov 7 22:02:10 UTC 2013
Am 07.11.2013 21:49, schrieb Dave Cridland:
> On Thu, Nov 7, 2013 at 7:50 PM, Alexander Holler <holler at ahsoftware.de>wrote:
>> I now could start to talk about the questionable requirement for "trusted"
>> certificates (whatever that should be) or DNSSEC (which I see as a red
>> button in the hand of a foreign, not that friendly, government, which for
>> sure doesn't care about me), but I think it's better not to start such a
>> discussion here.
> It says:
> o deploy certificates issued by well-known and widely-deployed
> certification authorities (CAs)
For me that reads like well-known and widely-deployed CAs are trustworthy.
And I don't see any reason to trust any certificate I haven't proved
myself and which isn't under my control. The CA system is imho totally
broken, especially because some governments seem to have all the keys or
are able to get the keys without anyone else having a chance to notice
that (or even beeing notified). So they are able to clone certificates
and thus they are able to become a perfect man-in-the-middle. So there
is no reason left to trust any certificate from any CA, especially if
that CA isn't in your country (where you might have a chance to be
protected by the law you live under).
> Since dragnet surveillance targets internet connections and key service
> providers, if we encrypt every XMPP connection, that same surveillance
> would require someone to directly attack your server, or that of your
> contact. PFS is important here because otherwise, an attacker can log all
> your traffic along with everyone else's and then, when they need something
> against you specifically, grab your private key and take a look at what
> they caught. I'd refer to this as "trolling" if it weren't a term already
> The manifesto says that the undersigned are committing to encrypt every
> connection with best practise encryption, including PFS, and authenticate
> all S2S with something rather less than best practise PKI. (No mention of
> CRLs, OCSP stapling, etc). Of the two aspects, I'd cheerfully drop the
> authentication aspects, frankly, but we're setting a fairly low bar there.
That's all a good thing and I support that. But to repeat myself:
Not exactly the same, but I don't like the part
"or require cipher suites that enable forward secrecy"
for the same reason.
(that's how I've entered this discussion)
I did left out the part of the sentence before that *require* for a good
reason. I'm only against making it an requirement on the S2S side
because that would affect everyone who want to send a message to someone
else in the XMPP world.
Nothing else. I'm not against security, I'm not against strong
encryption, I'm not against privacy. In fact I'm in strong favor of
security, strong encryption and privacy and take everone of those very
serious. Even if most people here want to imply something else.
But I think it's already time to quit this discussion, it just became
too senseless to continue.
More information about the JDev