[Security] Hosted solutions - client/user certs

Dirk Meyer dmeyer at tzi.de
Sun Aug 24 04:33:58 CDT 2008

Dirk Meyer wrote:
> That is a very, very nice idea. The client could create a certificate
> (maybe self-signed) and you upload it to the XMPP server to use
> this. There already is XEP-0178 how to use certificates and not
> passwords. This is also a very good idea about how to handle a bot if
> the device is stolen or hacked: I could just remove the certificate.
>
> Outline for a XEP: Changing User Credentials
>
> 1. A client can add a certificate (self-signed or not does not matter)
>    to the server to use for SASL-EXTERNAL. The verification that this
>    is the correct certificate is out of the scope of that XEP. Each
>    certificate is combined to a name that can not be changed
>    later. This makes it possible for the user to know what clients can
>    log in and the "not changeable" prevents a bad client from renaming
>    itself.
> 2. A client can remove a certificate at any time. Clients with that
>    certificate can not log in anymore. Optional: if a client is logged
>    in right now it is kicked out. A server must keep track of how a
>    client used SASL.
> 3. A client can change the password for the account. To do that it
>    needs the old password. This prevents a compromised client with a
>    certificate to lock me out of my account.
>
> If I do not trust a client anymore I use my password to remove that
> client and I'm done.

Maybe it is a stupid idea, but we may already have 1. and 2. There is
XEP-0178 using PubSub to upload keys. The PubSub server is part of the
server in most cases. If it is, the server can search the PubSub nodes
for certificates used by SASL-EXTERNAL.
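
The three rules of the quoted outline, modelled as a small per-account credential store. This is an added example, not part of the original post and not taken from any XEP or server; the class AccountCredentials, its method names and the sample certificate bytes are hypothetical, and a SHA-256 fingerprint stands in for the certificate comparison a real server would do during SASL EXTERNAL.

```python
import hashlib
import hmac
import os

class AccountCredentials:
    """Toy model of one account: a password plus named client certificates."""
    def __init__(self, password):
        self._salt = os.urandom(16)
        self._pw = self._hash(password)
        self._certs = {}    # fixed name -> SHA-256 fingerprint of the certificate
        self.sessions = {}  # session id -> certificate name used to log in

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def add_certificate(self, name, cert_bytes):
        # Rule 1: a name is bound once; a client cannot rename or rebind itself.
        if name in self._certs:
            raise ValueError("name already bound to a certificate")
        self._certs[name] = hashlib.sha256(cert_bytes).hexdigest()

    def login_external(self, session_id, cert_bytes):
        # The server records which certificate each session authenticated with.
        fp = hashlib.sha256(cert_bytes).hexdigest()
        for name, known in self._certs.items():
            if hmac.compare_digest(fp, known):
                self.sessions[session_id] = name
                return name
        return None

    def remove_certificate(self, name):
        # Rule 2: removal blocks future logins and kicks live sessions (optional part).
        del self._certs[name]
        kicked = [sid for sid, used in self.sessions.items() if used == name]
        for sid in kicked:
            del self.sessions[sid]
        return kicked

    def change_password(self, old, new):
        # Rule 3: the old password is required, so a certificate alone cannot lock the owner out.
        if not hmac.compare_digest(self._pw, self._hash(old)):
            return False
        self._salt = os.urandom(16)
        self._pw = self._hash(new)
        return True
```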


