[Security] Re: Aunt Tillie, Joe User,
and appropriate levels of paranoia (was:
[Fwd: Re: Can my company read my Google Chat messages?])
Peter Saint-Andre
stpeter at jabber.org
Tue May 1 16:59:50 CDT 2007
Peter Saint-Andre wrote:
> Peter Saint-Andre wrote:
>> This morning I had a short chat about end-to-end encryption with a
>> former Unix kernel hacker, who said that as an IM user he (and people
>> he chats with) would probably be happy enough if all the c2s and s2s
>> channels were encrypted.
>
> So I had a chat with someone about that idea today.
>
> I freely grant that not everyone trusts their server! This idea is for
> people who do. [1]
>
> So let's say I trust my server. And I trust you. And you trust your
> server. (To whatever extent "trust" has meaning for me and for you.)
>
> Given one hop from client to server and one hop from server to server, I
> would like to know three things:
>
> 1. If I have a TLS-encrypted connection to my server.
>
> 2. If my server has a TLS-encrypted connection to your server.
>
> 3. If you have a TLS-encrypted connection to your server.
>
> Right now I can know #1 but I can't know #2 and #3. It would be nice to
> have a way to discover that.
>
> Presumably I can query my server about its connection to your server. My
> query and my server's reply happen over a TLS-encrypted channel so it
> can't be tampered with. If I trust my server and it has some trust
> relationship with your server (common root CA or whatever), then I am
> two-thirds of the way there.
>
> I can query you about your connection to your server but I can't trust
> that because it is possible that you don't have an encrypted channel to
> your server, so someone ("Eve") could fake "your" response and tell me
> that your connection to your server is encrypted when it is not.
>
> Is there a way for my server to ask your server if your connection to
> your server is encrypted?
>
> If so, this would enable me to feel my way along the hops. I know my hop
> to my server is encrypted. I ask my server about its connection to your
> server. My server asks your server about its connection to you. If all
> three come back "Check! TLS enabled!" then I at least have confidence
> that there is no eavesdropper along the chain.
I started working on a spec for this:
http://www.xmpp.org/extensions/inbox/hopcheck.html
Still many details to define. Also it might be nice to have a "verbose"
mode (which would return information about the certificates presented or
whatever).
Peter
--
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20070501/8770d1f6/smime.bin
More information about the Security
mailing list