[Security] Re: Aunt Tillie, Joe User, and appropriate levels of paranoia (was: [Fwd: Re: Can my company read my Google Chat messages?])

Peter Saint-Andre stpeter at jabber.org
Tue May 1 16:59:50 CDT 2007


Peter Saint-Andre wrote:
> Peter Saint-Andre wrote:
>> This morning I had a short chat about end-to-end encryption with a 
>> former Unix kernel hacker, who said that as an IM user he (and people 
>> he chats with) would probably be happy enough if all the c2s and s2s 
>> channels were encrypted.
> 
> So I had a chat with someone about that idea today.
> 
> I freely grant that not everyone trusts their server! This idea is for 
> people who do. [1]
> 
> So let's say I trust my server. And I trust you. And you trust your 
> server. (To whatever extent "trust" has meaning for me and for you.)
> 
> Given one hop from client to server and one hop from server to server, I 
> would like to know three things:
> 
> 1. If I have a TLS-encrypted connection to my server.
> 
> 2. If my server has a TLS-encrypted connection to your server.
> 
> 3. If you have a TLS-encrypted connection to your server.
> 
> Right now I can know #1 but I can't know #2 and #3. It would be nice to 
> have a way to discover that.
> 
> Presumably I can query my server about its connection to your server. My 
> query and my server's reply happen over a TLS-encrypted channel so it 
> can't be tampered with. If I trust my server and it has some trust 
> relationship with your server (common root CA or whatever), then I am 
> two-thirds of the way there.
> 
> I can query you about your connection to your server but I can't trust 
> that because it is possible that you don't have an encrypted channel to 
> your server, so someone ("Eve") could fake "your" response and tell me 
> that your connection to your server is encrypted when it is not.
> 
> Is there a way for my server to ask your server if your connection to 
> your server is encrypted?
> 
> If so, this would enable me to feel my way along the hops. I know my hop 
> to my server is encrypted. I ask my server about its connection to your 
> server. My server asks your server about its connection to you. If all 
> three come back "Check! TLS enabled!" then I at least have confidence 
> that there is no eavesdropper along the chain.

I started working on a spec for this:

http://www.xmpp.org/extensions/inbox/hopcheck.html

Still many details to define. Also it might be nice to have a "verbose" 
mode (which would return information about the certificates presented or 
whatever).

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20070501/8770d1f6/smime.bin


More information about the Security mailing list