[Security] Hosted solutions - client/user certs
dmeyer at tzi.de
Fri Aug 22 11:57:23 CDT 2008
Johansson Olle E wrote:
> There are several phone clients for IM, the most recent one I
> discovered being MobileChat for iPhone, that builds on a model where I
> have to trust them with my credentials for my jabber service. I
Same here. :)
> And if I do trust them, then change my mind, I have to ask my XMPP
> server manager to change my password or do it myself, then just hope
> that it's going to work out for the best. Then I have to change
> password stored in all my clients and devices. There's nothing on the
> web site that helps me to evaluate the trust I should put in them and
> their service.
What would help you avoid contacting the admin would be a XEP to change the
password. Sounds like something very useful to me.
> Now, if I could issue a client cert for them, signed with my user
> cert, I could revoke that in the server and still keep all my other
> credentials valid.
That is a very, very nice idea. The client could create a certificate
(maybe self-signed) and you upload it to the XMPP server to use
this. There already is XEP-0178 on how to use certificates and not
passwords. This is also a very good idea about how to handle a bot if
the device is stolen or hacked: I could just remove the certificate.
Outline for a XEP: Changing User Credentials
1. A client can add a certificate (self-signed or not does not matter)
to the server to use for SASL-EXTERNAL. The verification that this
is the correct certificate is out of the scope of that XEP. Each
certificate is combined with a name that cannot be changed
later. This makes it possible for the user to know what clients can
log in and the "not changeable" prevents a bad client from renaming
2. A client can remove a certificate at any time. Clients with that
certificate cannot log in anymore. Optional: if a client is logged
in right now it is kicked out. A server must keep track of how a
client used SASL.
3. A client can change the password for the account. To do that it
needs the old password. This prevents a compromised client with a
certificate from locking me out of my account.
If I do not trust a client anymore I use my password to remove that
client and I'm done.
I like that.
Never put off until tomorrow what you can do the day after.
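
Added example (not part of the original message and not taken from any XEP): a small server-side model of the three outline points above, showing immutable certificate names, revocation that also ends live sessions, and a password change that requires the old password. The class name, method names, salt and certificate bytes are all hypothetical or constructed for illustration.

```python
import hashlib
import hmac


class CredentialStore:
    """Server-side state for one account, following the three outline points."""

    def __init__(self, password: str):
        self._salt = b"constructed-demo-salt"  # constructed; use a random per-user salt
        self._pw = self._derive(password)
        self._certs = {}      # immutable name -> SHA-256 fingerprint of the DER cert
        self._sessions = {}   # session id -> name of the certificate used to log in

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _check_password(self, password: str) -> bool:
        return hmac.compare_digest(self._pw, self._derive(password))

    def add_cert(self, name: str, cert_der: bytes) -> None:
        # Point 1: the name is fixed at registration and can never be rebound.
        if name in self._certs:
            raise ValueError("certificate name already in use")
        self._certs[name] = hashlib.sha256(cert_der).hexdigest()

    def login_external(self, session_id: str, cert_der: bytes) -> bool:
        # SASL EXTERNAL: accept only a certificate that is currently registered.
        fp = hashlib.sha256(cert_der).hexdigest()
        for name, known in self._certs.items():
            if hmac.compare_digest(fp, known):
                self._sessions[session_id] = name  # remember how the session authenticated
                return True
        return False

    def remove_cert(self, name: str) -> list:
        # Point 2: removal blocks future logins and returns the sessions to kick.
        del self._certs[name]
        kicked = [s for s, n in self._sessions.items() if n == name]
        for s in kicked:
            del self._sessions[s]
        return kicked

    def change_password(self, old: str, new: str) -> bool:
        # Point 3: a certificate session alone is not enough; the old password is required.
        if not self._check_password(old):
            return False
        self._pw = self._derive(new)
        return True
```

Storing fingerprints rather than trusting a CA chain matches the outline's allowance for self-signed certificates; how the server learns that an uploaded certificate is the right one stays out of scope, as in the outline.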