[Security] Gajim 0.12's E2E encryption UI
stpeter at stpeter.im
Thu Aug 21 09:02:43 CDT 2008
Simon Josefsson wrote:
> Brendan Taylor <whateley at gmail.com> writes:
>> I've posted a description (with screenshots) of Gajim 0.12's end-to-end
>> encryption UI: <http://necronomicorp.com/lab/gajim-0.12-esessions-ui>
>> I think it's generally a good model and would like to be able to do
>> something similar, whatever system we end up with.
> That's useful, it looks like a fairly good user experience.
> XMPP could use TLS and OpenPGP and achieve a similar user experience,
> here's how:
> Each client generate an OpenPGP key for the user when she creates an
Or, presumably, a self-signed DSA or RSA key?
> Instead of verifying a SAS in your example above, the users
> needs to verify the OpenPGP fingerprint. If a SHA-1 hash is too
> techno-babbly, a human-readable transformation of the fingerprint could
> be used. Advanced users can configure the client to use their already
> existing OpenPGP key if they want to re-use it for XMPP, which allows
> for re-use of the existing web of trust.
Right, or re-use an existing X.509 cert (some organizations issue the
latter to their employees) or obtain such a cert from a CA (e.g., the
one we run at xmpp.net).
> Advanced clients could notice when the remote's OpenPGP key is already
> trusted via the web-of-trust, and then print both the OpenPGP
> fingerprint and the names of all keys in the OpenPGP trust path. This
> allows users to have more confidence of the remote identity before
> verifying the OpenPGP fingerprint herself.
As far as I can see, we would treat all of the following in roughly the
- X.509 cert
- OpenPGP key
- DSA key
- RSA key
Some of these might be more trusted than others (e.g., CA-issued cert,
OpenPGP key that's in my WoT), but all of them can be used to show a
fingerprint (or potentially SAS, or shared password a la SRP) to the
user. The first interaction might involve a leap of faith (in the case
of self-signed keys). Or if we can figure out a way to check
fingerprints with other trusted entities on the network (e.g., people in
my contact list), the leap of faith might be slightly less scary (e.g.
this is what some people do now for ssh -- ask the server admin who
creates your account what the fingerprint should be).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080821/2d95745c/attachment.bin
More information about the Security