[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Mon Aug 18 09:55:48 CDT 2008


On Mon, Aug 18, 2008 at 7:42 AM, Jonathan Schleifer
<js-xmpp-security at webkeks.org> wrote:
> "Eric Rescorla" <ekr at rtfm.com> wrote:
>
>> They will if the software just does it.
>
> So the software automatically signs people I talk to? I also talk to
> people whom I don't trust. This is a bad idea. Really bad.

I don't think you and I are talking about the same thing when we talk about
signing keys. I'm talking about self-signed certs, which is what I read
the message you were responding to be talking about. I agree that having
users sign each others keys is problematic for a number of reasons.


>> I must say, I find SAS fairly user unfriendly as well. At least with a
>> fingerprint
>> type mechanism I can go out of band to someone's web site and check
>> the fingerprint. With SAS, I have to actually call them on the phone.
>
> Having a short, 5 digits long SAS is far more userfriendly than having
> a full fingerprint.

While I agree that manually comparing a short string is easier than manually
comparing a long string, that's not the only tradeoff to be made here, and
as I said, the use model for an SAS is inherently a lot more problematic
than the use model for a fingerprint. More on this at:
http://www.educatedguesswork.org/2008/08/authentication.html


> Calling is also an extra security thing. You
> *HEAR* that it's the person you want to talk to.

Yes, it's a highly inconvenient security thing, which is why I find it
implausible that people will do it. I, for one, use XMPP with lots
of people whom I've never spoken on the phone with.

-Ekr


More information about the Security mailing list