[Security] TLS Certificates Verification

Jonathan Dickinson jonathanD at k2.com
Thu Aug 21 02:56:43 CDT 2008


> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Remko Tronçon
> Sent: Thursday, August 21, 2008 9:44 AM
> To: XMPP Security
> Subject: Re: [Security] TLS Certificates Verification
>
> ...
>
> We should, however, never compromise security for people who *do*
> care, so I'm not a fan of most of the 'aunt tilly' points in these
> security threads (unless they are about *explaining* security in a
> clear way to aunt tilly).

Agreed entirely. The client should have an advanced and express wizard to facilitate average users.

Advanced: One big potentially confusing dialog with endless possibilities.
Express: Guides the user through keeping their messages safe using the best known methods at the time the wizard was built. Certain steps of the wizard could be skippable, but they would include visual cues that indicate it isn't a good idea. Typical steps would probably be:

1. Explain the process to the user.
2. Download CA and IC certs and install. Download revocation lists and merge.
3. Create certificate with password.
4. Ask IC to sign cert.
5. [Skippable] Place the certificate on a thumbdrive and configure the program to read it from there.
6. [Skippable] Back the certificate up to either CD-RW (recommended) or XMPP server (if we can figure that one out).
7. Explain to the user how they can set up an encrypted messaging channel.
8. Finish

Now I am not sure if those are the best practices, etc., but it gives a good idea about the fact that: an advanced user should be completely happy with what the wizard does if they skip none of the steps, while an average user won't be denied the ability to lower their security (but increase convenience). Paranoid users can still use the advanced mode to tinker the beast to death.

>
> cheers,
> Remko
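The PKI mechanics behind steps 2 and 4 of the proposed wizard (install the CA and intermediate certificates, fetch the intermediate's revocation list, have the intermediate sign the user's certificate) and the check a peer must run afterwards, as an added example in Go that is not part of this thread. The whole hierarchy (a "Demo Root CA", a "Demo Intermediate CA" standing in for the IC, and a client certificate for the constructed identity alice@example.org) is generated in memory, so it runs offline; the names, serials and lifetimes are assumptions. Steps 3, 5 and 6 (passphrase-protecting the key, keeping it on removable media, backing it up) are not covered here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// demoPKI is a constructed hierarchy: root CA, intermediate (the "IC") and one client certificate.
type demoPKI struct {
	CA, IC, Leaf *x509.Certificate
	CRL          []byte // DER-encoded CRL issued by the IC
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // a failure while building the demo hierarchy is fatal
	}
	return v
}

// signCert issues tmpl under parent (self-signed when parent is nil) and parses the result.
func signCert(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// buildPKI plays the CA, the IC and the wizard's steps 2 and 4. With revokeLeaf the IC's CRL
// lists the client certificate, so the revocation branch of the check can be exercised.
func buildPKI(revokeLeaf bool) *demoPKI {
	now, year := time.Now(), 365*24*time.Hour
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	caKey, icKey, leafKey := newKey(), newKey(), newKey()
	caUsage := x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	// Self-signed root. The IC is constrained (pathlen 0) so it can only issue end-entity certs.
	ca := signCert(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(10 * year), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: caUsage}, nil, &caKey.PublicKey, caKey)
	ic := signCert(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Demo Intermediate CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(5 * year), IsCA: true, BasicConstraintsValid: true,
		MaxPathLenZero: true, KeyUsage: caUsage}, ca, &icKey.PublicKey, caKey)

	// Step 4: the client submits a CSR; the IC checks the proof-of-possession signature before issuing.
	csrDER := must(x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "alice@example.org"}}, leafKey))
	csr := must(x509.ParseCertificateRequest(csrDER))
	if err := csr.CheckSignature(); err != nil {
		panic(err)
	}
	leaf := signCert(&x509.Certificate{SerialNumber: big.NewInt(3), Subject: csr.Subject,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(year), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, ic, csr.PublicKey, icKey)

	// Step 2's revocation list, signed by the IC (which carries the crlSign key usage).
	var revoked []pkix.RevokedCertificate
	if revokeLeaf {
		revoked = []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}}
	}
	crl := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour), RevokedCertificates: revoked}, ic, icKey))
	return &demoPKI{CA: ca, IC: ic, Leaf: leaf, CRL: crl}
}

// verifyClientCert is what a peer does once root and IC are installed: build the chain
// leaf -> IC -> root, then consult the IC's CRL, because x509.Verify does not check CRLs.
func verifyClientCert(p *demoPKI) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(p.CA)
	inters.AddCert(p.IC)
	if _, err := p.Leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	rl, err := x509.ParseRevocationList(p.CRL)
	if err == nil {
		err = rl.CheckSignatureFrom(p.IC) // a CRL is only as good as the signature on it
	}
	if err != nil {
		return fmt.Errorf("crl: %w", err)
	}
	if time.Now().After(rl.NextUpdate) {
		return fmt.Errorf("crl expired at %v: refuse to decide on stale revocation data", rl.NextUpdate)
	}
	for _, rc := range rl.RevokedCertificates {
		if rc.SerialNumber.Cmp(p.Leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %v is revoked", rc.SerialNumber)
		}
	}
	return nil
}
```

`verifyClientCert(buildPKI(false))` returns nil, `verifyClientCert(buildPKI(true))` returns the revocation error. The point the wizard's step 2 hides is that installing the revocation list is not enough: the library's chain verification never reads it, so the client code has to check the CRL's signature, its freshness and the serial itself, and should treat a stale CRL as a failure rather than silently accepting the certificate.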

