[Security] Hosted solutions - client/user certs

Dirk Meyer dmeyer at tzi.de
Sun Aug 24 13:58:00 CDT 2008

Johansson Olle E wrote:
> On 24 Aug 2008 at 20:09, Dirk Meyer wrote:
>> Pavel Simerda wrote:
>>> PubSub will be on virtually every server in the future and it's
>>> suitable for saving both private and public data.
>>> The only issue is: do you trust the server list? Maybe you can also
>>> store your own signatures for the certificates? I don't understand
>>> the precise purpose of this outline but I believe it should also
>>> include a listing of security features it is intended to provide.
>> I trust the server to hold the certificates for clients that can log
>> in at the server. If the server is bad it does not care anyway. But I
>> do not trust the server for c2c certificates, they have to be signed
>> by a key I trust. But we can use the same list for both cases. Keep
>> the list of client certificates signed on a pubsub node. The server
>> (which may not be able to verify the signature but that doesn't
>> matter) allows all clients with such a certificate to log in. For c2c
>> all clients use that list including the signature for authentication.
> Certificates have no sensitive information - a signed document
> with some data and a public key. The fact that I have a few
> self-signed certificates for clients might be sensitive, so the
> server needs some sort of ACL for these lists. But no one can
> gain access just by getting the certificates.

No, because they do not have the private key.

> I would not trust the server to hold my credentials - neither
> my private key or my password.

Never. I only want to upload the certificates so clients can log
in. They have the private key. I do not want to give them the
password. Like someone wrote, his iPhone may get stolen.

> Dirk - after thinking about it for a while, I believe that the
> user/cert concept is outside of the scope of the c2c communications
> solution, even though they're an important concept in those cases.
> The secure c2c document will have to refer to this doc, but I think
> that user/client delegation requires its own document

Agreed. The hosted solution started as a different topic but it
shares some concepts with my c2c document. I guess we need the

o XEP-178 for key publishing. Peter says it needs some more love and I

o A XEP for SASL-EXTERNAL using XEP-178. It could be part of XEP-178
  but I guess it is cleaner for server developers to have this as an
  extra doc. The concept of user/client certs does not matter.

o My c2c stuff. It does not cover how to sign keys. There is a
  reference to OpenPGP and CAs, but how to sign a client key with a
  user key is missing.

o XEP about the concept of user/client certs and how to sign, upload
  and use them.

o Optional and not related to the stuff above: a XEP on how to change
  a password on the server.

Maybe some docs can be merged into one.


+++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++
        -- (Terry Pratchett, Hogfather)
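The trust split Dirk describes above (the server only needs to know which client certificates belong to a user and can admit them without checking the user's signature, while a c2c peer must verify that the list was signed by a user key it already trusts) can be modelled in a few functions. The following is an added example, not code from the thread, XEP-178 or any XMPP project: it assumes a list of SHA-256 certificate fingerprints signed with an Ed25519 user key as the thing published on the pubsub node, and uses self-signed ECDSA client certificates as constructed sample data. The names `SignList`, `ServerAllowsLogin` and `PeerAccepts` are hypothetical.

```go
// Model of the scheme discussed on the list: a user key signs the list of
// client-certificate fingerprints; the server checks membership only, a
// c2c peer verifies the user signature first. Example code, not from any XEP.
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"sort"
	"strings"
	"time"
)

// newClientCert builds a self-signed client certificate (constructed sample
// data standing in for a real device certificate).
func newClientCert(cn string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// fingerprint is the hex SHA-256 of the certificate's DER encoding.
func fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// CertList is the object published on the pubsub node (assumed layout).
type CertList struct {
	User         string
	Fingerprints []string // kept sorted so the signed form is canonical
	Signature    []byte   // Ed25519 signature by the user key over canonical()
}

// canonical returns the exact bytes that are signed and verified.
func (l *CertList) canonical() []byte {
	fps := append([]string(nil), l.Fingerprints...)
	sort.Strings(fps)
	return []byte(l.User + "\n" + strings.Join(fps, "\n"))
}

// SignList is what the user runs: sign the fingerprints of the client certs.
func SignList(user string, userKey ed25519.PrivateKey, certs []*x509.Certificate) *CertList {
	l := &CertList{User: user}
	for _, c := range certs {
		l.Fingerprints = append(l.Fingerprints, fingerprint(c))
	}
	sort.Strings(l.Fingerprints)
	l.Signature = ed25519.Sign(userKey, l.canonical())
	return l
}

// ServerAllowsLogin models the server: it admits any client whose certificate
// is on the list and does not verify the user signature (it cannot add a
// certificate it does not hold the private key for, so that is acceptable).
func ServerAllowsLogin(l *CertList, presented *x509.Certificate) bool {
	fp := fingerprint(presented)
	for _, f := range l.Fingerprints {
		if f == fp {
			return true
		}
	}
	return false
}

// PeerAccepts models a c2c peer: it only trusts the list after checking the
// signature against a user key it already trusts, then checks membership.
func PeerAccepts(l *CertList, trustedUserKey ed25519.PublicKey, presented *x509.Certificate) bool {
	if !ed25519.Verify(trustedUserKey, l.canonical(), l.Signature) {
		return false
	}
	return ServerAllowsLogin(l, presented)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	phone := newClientCert("phone")
	list := SignList("user@example.org", priv, []*x509.Certificate{phone})
	fmt.Println("server admits phone:", ServerAllowsLogin(list, phone))
	fmt.Println("peer accepts phone: ", PeerAccepts(list, pub, phone))
}
```

The difference between the two checks is the point of the thread: a tampered list (a fingerprint appended by whoever controls the pubsub node) still passes `ServerAllowsLogin`, which is tolerable because the server is already trusted for login, but fails `PeerAccepts`, because the peer's trust is anchored in the user key rather than in the server.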
