[jdev] https://github.com/stpeter/manifesto and additional ideas

Dave Cridland dave at cridland.net
Thu Nov 14 16:24:41 UTC 2013


On Thu, Nov 14, 2013 at 4:09 PM, Matt Miller <linuxwolf at outer-planes.net>wrote:

>
> On Nov 14, 2013, at 8:33 AM, Ralf Skyper Kaiser <skyper at thc.org> wrote:
>
> Example: I'm running a private jabber server with around 200 users. I
> have strict a security guideline and currently have to trust my users to
> follow it. I trust the users to verify the server certificate against our
> own ROOT CA certificate.
> >
>
> Adding a new trust anchor is just about impossible on some mobile
> platforms, and could get more difficult on more traditional ones.
>
>
DANE, of course, means that you can specify a particular private CA is used
exclusively.


> > Users are lazy (quote). I ran a test and invalidated our server's
> certificate. No user should connect if he follows the security guidelines.
> Yet more than half of them connected instantaneously (auto-reconnect).
> >
> > Those users configured their client not to verify the server certificate
> at all. Because configuring the client this way is easier than importing
> the ROOT CA certificate.
> >
> > The lazy option is to not verify the server's certificate. The lazy
> option is the insecure option
> >
> > Yes, the user can hack the client and lie about if the client has
> correctly verified the server cert. This would take more time and work than
> importing the ROOT CA certificate.
> >
> > The lazy option becomes importing the ROOT CA certificate. Now the lazy
> option is the secure option.
> >
>
> All it takes is for *one* (or a small handful) of your users to hack their
> client, and share that hacked client with other users.  If the platform the
> client runs on prevents new trust anchors from being installed, then
> getting the hacked client becomes the lazy option.
>
>
Actually, the lazy option is to not upgrade the client to support whatever
private extension that supports the particular variety of lockdown and so
on that you want in the first place.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20131114/a9eb0c98/attachment.html>


More information about the JDev mailing list