[Security] TLS Certificates Verification

Jonathan Dickinson jonathanD at k2.com
Tue Aug 19 14:59:05 CDT 2008


I just watched the OTR webcast. It is actually pretty well thought out.

FYI the webcast is here.

http://csclub.uwaterloo.ca/media/Off-the-Record%20Messaging:%20Useful%20Security%20and%20Privacy%20for%20IM.html

There are a few XMPP clients that support it already. Quite attractive. I revoke my idea about DH, I know it has weaknesses and clearly my assumptions about SSL/TLS were incorrect :(. We could get a mathematician on the band-wagon to come up with something: but that would mean making a new standard, which XMPP isn't really about. And OTR is a standard. And it does what we want.

-----Original Message-----
From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On Behalf Of Eric Rescorla
Sent: Tuesday, August 19, 2008 9:27 PM
To: XMPP Security
Subject: Re: [Security] TLS Certificates Verification

On Tue, Aug 19, 2008 at 12:06 PM, Jonathan Dickinson <jonathanD at k2.com> wrote:
> Very good point Justin. Even if we implement SRP chances are that you could get a few lazy developers that don't quit on the documented failure points. Something simple to implement (I am going to read up on OTR now :)) may be a good solution.

Well, this is always a possibility, but PAKE-style systems are
actually more robust
here, sicne you get mismatched keys if the passwords are not equal.
The major way to get hosed is to accept a bogus DH group.

-Ekr


More information about the Security mailing list