[jdev] manifesto & DANE does not cut it
Ralf Skyper Kaiser
skyper at thc.org
Tue Nov 19 13:07:16 UTC 2013
On Tue, Nov 19, 2013 at 12:29 PM, Thijs Alkemade <thijs at xnyhps.nl> wrote:
> On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser <skyper at thc.org> wrote:
> > Hi
> > On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant <simon at buddycloud.com>
> Automatic key pinning works for SSH, because private keys are rarely
> and people are more tech-savvy than average XMPP users. If you start doing
> for XMPP, you'll see a lot of false positives. I doubt you can convince a
> large part of the network to start using self-signed certificates valid
> for a
> long time. Every time a user who doesn't understand the security
> removes a pin, the security of the system is weakened because it makes MitM
> attacks easier. The manifesto requires software to be able to inform users
> when a certificate changes and I think this is the right approach to
By 'average XMPP user' you mean 'average XMPP Server admin' I think.
The user only sees a new certificate if the admin chooses to create a new
key on the same domain name.
The average XMPP server admin is tech-savvy. I think I would go as far as saying that the average XMPP server admin is more tech-savvy than the average apache admin - and are going to support pinning soon.
There are enough fallbacks to help the tech-unsavvy admin if he loses the
key and has to create a new key:
- Can use a new domain (jabber-1.mydomain.org becomes jabber-2.mydomain.org)
- Can ask all users to reinstall the jabber client
- Can ask all users to manually remove the pinned key from the client
- Can use 'reverse fingerprinting' where the user can remove an old pinned
key by entering the fingerprint of the new certificate.
- Backup Key (requires protocol change?)
> But right now this is just a proposal, with no working code to go with it.
> With the manifesto going in effect on May 19 2014, I think making this a
> required part of it would be too soon.
Can we add it as an optional goal for May 19 2014?
>  = https://tools.ietf.org/html/draft-ietf-websec-key-pinning-08
>  = https://tools.ietf.org/html/draft-perrin-tls-tack-02
>  = http://mail.jabber.org/pipermail/standards/2013-November/028229.html
Thanks for !
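The pinning behaviour discussed in this thread (trust-on-first-use, informing the user when the certificate changes, and the 'reverse fingerprinting' fallback where the user unpins by typing the new certificate's fingerprint) as an added illustration; this is not code from the thread or from any XMPP client, and the domain names and certificate bytes are constructed:

```python
"""Trust-on-first-use certificate pinning with a 'reverse fingerprint'
unpin. Added illustration, not code from the thread or any XMPP client;
domains and certificate bytes used with it are constructed."""
import hashlib
import hmac


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as colon-separated hex
    (the form an admin would publish out of band)."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _normalize(fp: str) -> str:
    """Accept the fingerprint however the user typed it: with or without
    colons or spaces, any case."""
    return fp.replace(":", "").replace(" ", "").upper()


class PinStore:
    def __init__(self):
        self.pins = {}  # domain -> fingerprint of the pinned certificate

    def check(self, domain: str, cert_der: bytes) -> str:
        """'pinned' on first contact (TOFU), 'ok' on a match, 'mismatch'
        when the presented certificate differs from the pin. A mismatch is
        never accepted silently; the client must tell the user."""
        fp = fingerprint(cert_der)
        if domain not in self.pins:
            self.pins[domain] = fp
            return "pinned"
        if hmac.compare_digest(self.pins[domain], fp):
            return "ok"
        return "mismatch"

    def reverse_unpin(self, domain: str, cert_der: bytes, typed_fp: str) -> bool:
        """Replace the old pin only if the fingerprint the user typed in
        (obtained out of band from the admin) matches the certificate the
        server is presenting right now. A wrong value changes nothing, so a
        certificate the user cannot vouch for is never pinned by accident."""
        presented = _normalize(fingerprint(cert_der))
        if not hmac.compare_digest(presented, _normalize(typed_fp)):
            return False
        self.pins[domain] = fingerprint(cert_der)
        return True
```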