[Security] TLS Certificates Verification

Jonathan Schleifer js-xmpp-security at webkeks.org
Tue Aug 19 08:13:51 CDT 2008


Am 19.08.2008 um 14:19 schrieb Peter Saint-Andre:

> As far as I can see, SAS requires checking out of band. But I might  
> not even know how to contact you out of band -- e.g., via phone or  
> encrypted email. Furthermore, the average user doesn't sign or  
> encrypt their email. So we're left with the phone, which is not  
> necessarily convenient (how do I find your phone number?) or secure  
> (how do I know that the phone number in your electronic profile is  
> really yours, how do I know what you're supposed to sound like if  
> I've never talked with you?). And SAS doesn't help our automated  
> friends (yes, "bots are people too!").

This is thought for people you know IRL. For people you don't know  
IRL, you never can be sure. Everything could be forged. You can't  
prove it's that really person you think it is at all.
If you know someone for a long time, you may have channel to verify  
the key. ESessions offers both, keys and SAS. And I think it is the  
right approach to have both.

> Passwords (a la SRP) are interesting. They require some shared  
> context (e.g., the password is the name of that bar where we had a  
> beer last week, the city where we first met, the last song released  
> by a band we both like, the nickname of that weird guy in the  
> chatroom). But typically people who are communicating over XMPP have  
> some kind of shared context, whether that is gained from interacting  
> IRL, communicating via email or web forums or blogs or IM, sharing  
> some interest, etc. In the age of Facebook and (to some extent) a  
> common worldwide culture, presumably some passwords could be  
> guessed, but they could be made harder to guess if people really  
> care to. Plus, I think that a mutual, shared passphrase feels  
> familiar to people in a way that fingerprints and short  
> authentication strings don't (it brings back memories of secret  
> phrases among children and such). And bots could generate  
> passphrases in some automated ways that I'm not creative enough to  
> think of right now.

While this sounds nice, in reality, it's really really insecure. Most  
questions can be answered by a third person that has monitored  
conversations before. If two chatted a lot before they had encrypted,  
that's a pretty easy task.

--
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
Url : http://mail.jabber.org/pipermail/security/attachments/20080819/b66df2b0/attachment-0001.pgp 


More information about the Security mailing list