[Security] Reminder :: Draft feedback on "C2C authentication using TLS"
dmeyer at tzi.de
Mon Aug 25 06:30:40 CDT 2008
Jonathan Schleifer wrote:
> On 25.08.2008 at 12:05, Dirk Meyer wrote:
>> But where to put the fingerprint? IMHO that is needed to know if we
>> can use that mechanism. The information that the other side supports
>> X.509 is useless when I have no way to verify the key. The only option
>> I see is the 'name':
>> <item jid='urn:xmpp:c2ctls:x509'
>> Looks kind of strange. On the other hand, the fingerprint is some sort
>> of name of the certificate.
> Can you please explain to me why you want a fingerprint there? That's
> totally useless IMO, the server could forge that.
It is only some sort of hint. It makes no sense to use a mechanism
when you cannot verify the key. I added the fingerprint to the
<offer> in my proposal (also insecure at that point) to give the peer
a hint what it will get as certificate when choosing X.509. The same
for OpenPGP. If we do not add it somewhere in disco#query we will get
the same problem. Both clients support X.509 and they open a c2c link
because it is a common feature. Now in the TLS handshake they realize
that the peer uses self-signed certificates they cannot verify. IMHO
they should find out about that sooner to switch to OpenPGP or SRP.
You sound reasonable...Time to up my medication.
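
The point argued in the message above, as an added sketch that is not part of the original thread or of any XMPP specification: a fingerprint received through the server is used only as an untrusted hint for picking a mechanism early, and the certificate actually presented in the handshake is still checked against a locally pinned value. The mechanism labels, the preference order, the `pinned` store and the assumption that the peer uses self-signed certificates (so only pinned fingerprints are verifiable) are all illustrative assumptions.

```python
import hashlib
import hmac

# Assumed preference order; the thread names X.509, OpenPGP and SRP as options.
PREFERENCE = ["x509", "openpgp", "srp"]

# Constructed sample data: byte strings stand in for DER certificates / key material.
PEER_CERT = b"constructed self-signed certificate of the peer"
PEER_PGP = b"constructed OpenPGP key of the peer"
FORGED_CERT = b"constructed certificate substituted on the server path"

def fingerprint(blob):
    """SHA-256 fingerprint (hex) of a certificate or key blob."""
    return hashlib.sha256(blob).hexdigest()

def choose_mechanism(advertised, pinned, have_srp_password):
    """Pick a mechanism before the c2c link is opened.

    advertised: {mechanism: fingerprint hint or None}, received via the
                server and therefore untrusted.
    pinned:     {mechanism: set of fingerprints verified out of band}.
    """
    for mech in PREFERENCE:
        if mech not in advertised:
            continue
        if mech == "srp":
            if have_srp_password:
                return mech
            continue
        hint = advertised[mech]
        # A hint matching nothing we can verify means the handshake would
        # fail later anyway, so fall through to the next mechanism now.
        if hint is not None and hint in pinned.get(mech, set()):
            return mech
    return None

def verify_after_handshake(mech, presented, pinned):
    """The hint established no trust: check what the peer actually presented."""
    actual = fingerprint(presented)
    return any(hmac.compare_digest(actual, known)
               for known in pinned.get(mech, set()))
```

A forged hint can at worst steer the mechanism choice; it cannot make `verify_after_handshake` accept a certificate that was never pinned.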