[Security] TLS Certificates Verification
Peter Saint-Andre
stpeter at stpeter.im
Tue Aug 19 07:19:37 CDT 2008
Eric Rescorla wrote:
> So, again, I think it would be best to separate two issues:
>
> (1) What style of authentication you want.
> (2) What protocol it's embodied in.
>
> I think we can all agree on the following:
> (1) You must have an operational mode that doesn't require certified
> public keys.
> (2) There needs to be some continuity of authentication mechanism so whatever
> manual authentication stage only needs to be done once.
> (3) The manual authentication stage should be as convenient as possible.
> (4) The system needs to work with Bots on the other end.
Thanks, that's helpful.
> As I indicated in my blog post,
> http://www.educatedguesswork.org/2008/08/authentication.html
> there are a number of potential options, including fingerprints, passwords,
> and SAS. Each has some advantages and disadvantages, and it may
> be the case that you need to have multiple options.
>
> Speaking as someone who knows COMSEC but isn't really part of the XMPP
> community, I would encourage you to try to figure out what *style* of authentication
> you want and what the constraints are, and then ask what protocol best suits
> or can be made to best suit those needs.
The thinking behind ESessions and some of the discussion here indicates
an interest in drop-dead-simple authentication so that your average user
can experience the benefits of encryption. No CA-issued certs or PGP
keys to manage, no fingerprint checking required, etc.
Personally I'm fine with fingerprint checking, which is especially easy
if my contact has published a fingerprint to a web page. But not
everyone has a web page. Besides, how do I know that the URL advertised
in your electronic profile is really yours (couldn't your server modify
your profile?). Some of this is solved in social ways (e.g., the URL for
my blog is fairly well known, I post frequently to discussion lists and
provide a link to a contact page, etc.), but for the average user it
might not be feasible to check fingerprints.
As far as I can see, SAS requires checking out of band. But I might not
even know how to contact you out of band -- e.g., via phone or encrypted
email. Furthermore, the average user doesn't sign or encrypt their
email. So we're left with the phone, which is not necessarily convenient
(how do I find your phone number?) or secure (how do I know that the
phone number in your electronic profile is really yours, how do I know
what you're supposed to sound like if I've never talked with you?). And
SAS doesn't help our automated friends (yes, "bots are people too!").
Passwords (a la SRP) are interesting. They require some shared context
(e.g., the password is the name of that bar where we had a beer last
week, the city where we first met, the last song released by a band we
both like, the nickname of that weird guy in the chatroom). But
typically people who are communicating over XMPP have some kind of
shared context, whether that is gained from interacting IRL,
communicating via email or web forums or blogs or IM, sharing some
interest, etc. In the age of Facebook and (to some extent) a common
worldwide culture, presumably some passwords could be guessed, but they
could be made harder to guess if people really care to. Plus, I think
that a mutual, shared passphrase feels familiar to people in a way that
fingerprints and short authentication strings don't (it brings back
memories of secret phrases among children and such). And bots could
generate passphrases in some automated ways that I'm not creative enough
to think of right now.
Anyway, those are some random musings. Maybe someone will find them
helpful...
/psa
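An added example (my own code, not from this thread, from ESessions or from any XMPP implementation), in Python with only the standard library, showing the mechanical side of the three options the message above weighs: a SHA-256 key fingerprint in the colon-separated form a contact might publish on a web page, a short authentication string both ends derive from the two public keys and compare out of band, and a trust-on-first-use store so the manual comparison is done once and later sessions are checked for continuity automatically. The JIDs, the "sas-v1" prefix, the six-character SAS length and the key bytes are all constructed for the example; real DER-encoded public keys would replace the hashed placeholders.

```python
"""Fingerprint, SAS and trust-on-first-use checks for uncertified keys."""
import base64
import hashlib
import hmac


def fingerprint(pubkey_der: bytes) -> str:
    """SHA-256 over the DER-encoded public key, rendered as colon-separated hex.

    This is the string a contact could publish and a user compares by eye.
    Hashing the whole DER blob rather than just a modulus keeps the algorithm
    and parameters inside the fingerprint.
    """
    digest = hashlib.sha256(pubkey_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def short_auth_string(key_a: bytes, key_b: bytes, length: int = 6) -> str:
    """Short authentication string both ends derive from both public keys.

    The keys are sorted before hashing so both sides get the same string no
    matter which key is 'mine'; the 'sas-v1' prefix (assumed, not from any
    spec) separates this hash from a plain key fingerprint. The result is
    still only useful if the two people compare it out of band.
    """
    material = b"sas-v1\x00" + b"\x00".join(sorted((key_a, key_b)))
    digest = hashlib.sha256(material).digest()
    return base64.b32encode(digest).decode("ascii")[:length]


class TofuStore:
    """Trust-on-first-use pin store keyed by JID.

    The manual fingerprint (or SAS) check happens once, when a key is first
    seen; later sessions are compared against the pin automatically, and a
    changed key is reported as a mismatch rather than silently re-pinned.
    """

    def __init__(self) -> None:
        self.pins = {}  # jid -> fingerprint string

    def check(self, jid: str, pubkey_der: bytes) -> str:
        fp = fingerprint(pubkey_der)
        pinned = self.pins.get(jid)
        if pinned is None:
            self.pins[jid] = fp
            return "new"        # caller must verify fp out of band, once
        if hmac.compare_digest(pinned, fp):
            return "ok"         # continuity: same key as last time
        return "mismatch"       # key changed: treat as hostile until re-verified


# Constructed stand-ins for DER-encoded public keys (not real keys).
JULIET_KEY = hashlib.sha256(b"constructed sample key: juliet").digest()
ROMEO_KEY = hashlib.sha256(b"constructed sample key: romeo").digest()
IMPOSTOR_KEY = hashlib.sha256(b"constructed sample key: impostor").digest()


def demo():
    """Run the TOFU sequence: first contact, repeat contact, changed key.

    Returns the three verdicts and whether the original pin survived the
    mismatch (it must; a mismatch never overwrites the pin).
    """
    store = TofuStore()
    jid = "juliet@example.org"  # constructed JID
    verdicts = [
        store.check(jid, JULIET_KEY),    # "new"
        store.check(jid, JULIET_KEY),    # "ok"
        store.check(jid, IMPOSTOR_KEY),  # "mismatch"
    ]
    pin_survived = store.pins[jid] == fingerprint(JULIET_KEY)
    return verdicts, pin_survived


if __name__ == "__main__":
    print("fingerprint:", fingerprint(JULIET_KEY))
    print("SAS, Romeo's view: ", short_auth_string(ROMEO_KEY, JULIET_KEY))
    print("SAS, Juliet's view:", short_auth_string(JULIET_KEY, ROMEO_KEY))
    print("TOFU sequence:", demo())
```

One caveat a practitioner should keep in mind: a six-character SAS is about 30 bits, and deriving it directly from both public keys as above lets an active attacker who sees one side's key grind for a second key pair that yields the same string. Protocols that rely on an SAS (ZRTP, for example) add a hash commitment to one's own key before the peer's key is revealed; the example omits that step for brevity, and the TOFU store is what gives the continuity Eric asks for in his point (2).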