[Security] Reminder :: Draft feedback on "C2C authentication using TLS"

Dirk Meyer dmeyer at tzi.de
Mon Aug 25 06:30:40 CDT 2008


Jonathan Schleifer wrote:
> On 25.08.2008 at 12:05, Dirk Meyer wrote:
>
>> But where to put the fingerprint? IMHO that is needed to know if we
>> can use that mechanism. The information that the other side supports
>> X.509 is useless when I have no way to verify the key. The only option
>> I see is the 'name':
>>
>> <item jid='urn:xmpp:c2ctls:x509'
>>          name='fingerprint'/>
>>
>> Looks kind of strange. On the other hand, the fingerprint is some sort
>> of name of the certificate.
>
> Can you please explain to me why you want a fingerprint there? That's
> totally useless IMO, the server could forge that.

It is only some sort of hint. It makes no sense to use a mechanism
when you cannot verify the key. I added the fingerprint to the
<offer> in my proposal (also insecure at that point) to give the peer
a hint of what it will get as certificate when choosing X.509. The same
for OpenPGP. If we do not add it somewhere in disco#query we will get
the same problem. Both clients support X.509 and they open a c2c link
because it is a common feature. Now in the TLS handshake they realize
that the peer uses self-signed certificates they cannot verify. IMHO
they should find out about that sooner to switch to OpenPGP or SRP.


Dirk

-- 
You sound reasonable...Time to up my medication.
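
The following sketch is an added example, not part of the original message or of any XMPP specification. It treats the advertised fingerprint as an unauthenticated hint for choosing a mechanism before the c2c link is opened, then checks the certificate actually presented in the handshake. Assumptions: SHA-256 hex fingerprints, a local set of already trusted fingerprints, and a hypothetical `urn:xmpp:c2ctls:openpgp` item; the certificate bytes are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

X509 = "urn:xmpp:c2ctls:x509"        # item jid quoted in the message
OPENPGP = "urn:xmpp:c2ctls:openpgp"  # hypothetical jid, constructed for this example

def norm(fp):
    """Normalise a hex fingerprint: drop separators, lowercase."""
    return fp.replace(":", "").replace(" ", "").lower()

def fingerprint(cert_der):
    # Assumption: SHA-256 over the DER bytes; the thread does not name a hash.
    return hashlib.sha256(cert_der).hexdigest()

def choose_mechanism(disco_xml, trusted, fallbacks=(OPENPGP,)):
    """Decide before opening the c2c link. Returns (mechanism, hint).

    The advertised fingerprint is an unauthenticated hint: it can rule X.509
    out early, but it never adds a key to the trusted set.
    """
    items = {}
    for el in ET.fromstring(disco_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "item":   # ignore the XML namespace
            items[el.get("jid")] = el.get("name") or ""
    hint = norm(items.get(X509, ""))
    if hint and hint in trusted:
        return X509, hint
    for mech in fallbacks:
        if mech in items:
            return mech, None
    return None, None

def verify_peer(cert_der, hint, trusted):
    """After the handshake, check the certificate the peer actually presented."""
    actual = fingerprint(cert_der)
    return actual in trusted and actual == hint

if __name__ == "__main__":
    cert = b"constructed bytes standing in for a DER certificate"
    fp = fingerprint(cert)
    disco = ("<query xmlns='http://jabber.org/protocol/disco#items'>"
             f"<item jid='{X509}' name='{fp.upper()}'/><item jid='{OPENPGP}'/></query>")
    print(choose_mechanism(disco, trusted={fp}))    # X.509 is usable
    print(choose_mechanism(disco, trusted=set()))   # fall back before any handshake
    print(verify_peer(b"different certificate", fp, {fp}))  # hint matched, cert did not
```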

