[Security] Hosted solutions - client/user certs

Pavel Simerda pavlix at pavlix.net
Sun Aug 24 13:04:11 CDT 2008


PubSub will be on virtually every server in the future and it's
suitable for saving both private and public data.

The only issue is: do you trust the server list? Maybe you can also
store your own signatures for the certificates? I don't understand the
precise purpose of this outline but I believe it should also include
a listing of security features it is intended to provide.

Pavel


On Sun, 24 Aug 2008 12:22:57 +0200
Johansson Olle E <oej at edvina.net> wrote:

> 
> On 24 Aug 2008, at 11:33, Dirk Meyer wrote:
> 
> > Dirk Meyer wrote:
> >> That is a very, very nice idea. The client could create a
> >> certificate (maybe self-signed) and you upload it to the XMPP
> >> server to use this. There already is XEP-0178 how to use
> >> certificates and not passwords. This is also a very good idea
> >> about how to handle a bot if the device is stolen or hacked: I
> >> could just remove the certificate.
> >>
> >> Outline for a XEP: Changing User Credentials
> >>
> >> 1. A client can add a certificate (self-signed or not does not
> >>   matter) to the server to use for SASL-EXTERNAL. The verification
> >>   that this is the correct certificate is out of the scope of that
> >>   XEP. Each certificate is combined to a name that cannot be changed
> >>   later. This makes it possible for the user to know what clients
> >>   can log in and the "not changeable" prevents a bad client from
> >>   renaming itself.
> >>
> >> 2. A client can remove a certificate at any time. Clients with that
> >>   certificate cannot log in anymore. Optional: if a client is
> >>   logged in right now it is kicked out. A server must keep track of
> >>   how a client used SASL.
> >>
> >> 3. A client can change the password for the account. To do that it
> >>   needs the old password. This prevents a compromised client with a
> >>   certificate from locking me out of my account.
> >>
> >> If I do not trust a client anymore I use my password to remove that
> >> client and I'm done.
> >
> > Maybe it is a stupid idea, but we may already have 1. and 2. There
> > is XEP-0178 using PubSub to upload keys. The PubSub server is part
> > of the server in most cases. If it is, the server can search the
> > PubSub nodes for certificates used by SASL-EXTERNAL.
> >
> 
> I don't know enough about PubSub to comment on that, but it sure
> sounds like a useful idea. Anyone else?
> 
> /O 


-- 

Web: http://www.pavlix.net/
Jabber & Mail: pavlix(at)pavlix.net
OpenID: pavlix.net
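
The three rules of the quoted outline, modelled as a server-side credential store. This is an added example, not part of the original thread or of any XEP; the class and method names are hypothetical, certificates are stand-in byte strings identified by their SHA-256 fingerprint, and the PBKDF2 iteration count is illustrative.

```python
import hashlib
import hmac
import os


class CredentialStore:
    """Hypothetical per-account store following rules 1-3 of the outline."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._pw = self._derive(password)
        self._certs = {}     # immutable name -> SHA-256 fingerprint
        self._sessions = {}  # session id -> (SASL mechanism, certificate name)

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def add_certificate(self, name: str, cert_der: bytes) -> None:
        # Rule 1: a name is bound once; it cannot be renamed or overwritten.
        if name in self._certs:
            raise ValueError("name already bound to a certificate")
        self._certs[name] = hashlib.sha256(cert_der).hexdigest()

    def login_external(self, session_id: str, cert_der: bytes) -> bool:
        fp = hashlib.sha256(cert_der).hexdigest()
        for name, known in self._certs.items():
            if hmac.compare_digest(fp, known):
                # Record how the session authenticated (needed for rule 2).
                self._sessions[session_id] = ("EXTERNAL", name)
                return True
        return False

    def remove_certificate(self, name: str) -> list:
        # Rule 2: the certificate stops working and its live sessions are kicked.
        del self._certs[name]
        kicked = [s for s, (_, n) in self._sessions.items() if n == name]
        for s in kicked:
            del self._sessions[s]
        return kicked

    def change_password(self, old: str, new: str) -> bool:
        # Rule 3: only someone who knows the old password may set a new one,
        # so a client holding just a certificate cannot lock the owner out.
        if not hmac.compare_digest(self._pw, self._derive(old)):
            return False
        self._salt = os.urandom(16)
        self._pw = self._derive(new)
        return True
```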

