[Security] XEP-0189 Update Proposal Part 1

Justin Karneges justin at affinix.com
Sat Sep 6 17:31:25 CDT 2008


On Saturday 06 September 2008 14:21:25 Dirk Meyer wrote:
> What about signing stuff? It also uses a hash.

There is no universal signature format for X.509, as far as I know.  The 
closest I can think of would be a Cryptographic Message Synax (PKCS#7) 
signature, but it seems doubtful that a library called 'tlslite' would be 
supporting CMS.

Most likely, tlslite is outputting a key-specific format.  For example, it 
could be using EMSA1 (for DSA) or EMSA3 (for RSA).  Both of these formats 
allow for different hash types to be used.

> quick look at the source code of tlslite looks like that the algorithm
> is encoded in the signature. Am I right?

Could be.  I'm not sure how the low-level formats really work.  Were you 
looking at a format for DSA?  I think there's one that includes the hash type 
used.

Just like with the fingerprint, I think you're going to have to either specify 
the format method explicitly in the XEP, or allow the format information to 
be passed along in attributes.

> > You lost me here.  Who is creating this signature?  Is the certificate
> > signing itself?  What's the 'fingerprint' in <signature> for in this
> > case?  I admit I didn't read the whole discussion.  Maybe this is some
> > Web-of-Trust stuff?
>
> Yes.

So the fingerprint in the <signature> is the fingerprint of the one doing the 
signing (and not the fingerprint of the signature itself, that's what had me 
partly confused..).

Another issue: X.509 already has the ability to sign certificates.  You have a 
User cert and a Client cert.  Why have Client be self-signed, and then again 
signed by User, when User (acting as a CA) could sign Client in the first 
place?

> Well, the expired is more or less useless, I agree. It is only here as
> a hint. About the revoke: can you revoke a certificate and add that
> information in the certificate? The problem is a have no CA and when a
> client gets stolen, I want to revoke the certificate. My understanding
> is that you have to check the CA for revoked keys. Without a CA I need
> something else.

The revoke would have to include a signature, otherwise you could revoke 
certificates that aren't yours.

See GnuPG, where the common practice is to create a revoke message at the time 
of key generation, keep it in a safe place, and then if your key is 
compromised or lost then you can broadcast the revoke message to the world.  
It's important to generate the revoke message before you lose your key, 
otherwise you can never revoke it.

-Justin


More information about the Security mailing list