[Security] XEP-0189 Update Proposal Part 1

Dirk Meyer dmeyer at tzi.de
Mon Sep 8 08:52:35 CDT 2008


Hi,

second version of my XEP-0189-using-ASCII proposal:

| <keyinfo xmlns='urn:xmpp:tmp:pubkey'>
|   <name>unique identifier</name>
|   <x509cert>|<pgpdata>
|      ...
|   </x509cert>|</pgpdata>
|   <signature>
|     <issuer jid='optional'>unique identifier of issuer</issuer>
|     <value method='RSA-SHA1'>
|     </value>
|   </signature>
| </keyinfo>

Name is a unique name, a.k.a. fingerprint of the public key. For
OpenPGP this is the fingerprint defined by OpenPGP. For X.509 without
a standard fingerprint mechanism this is the SHA1 value in hex of the
certificate. The name is used to search for a key and can be used as
reference in XEP-0250. The name is case-insensitive but should be
written in lower case to allow PEP searching.

Next is the key information, X.509 certificate or OpenPGP public
key. For X.509 this is the certificate in DER format Base64 encoded.

| <keyinfo xmlns='urn:xmpp:tmp:pubkey'>
|   <name>428b1358a286430f628da23fb33ddaf6e474f5c5</name>
|   <x509cert>
|     MIICCTCCAXKgAwIBAgIJALhU0Id6xxwQMA0GCSqGSIb3DQEBBQUAMA4xDDAKBgNV
|     BAMTA2ZvbzAeFw0wNzEyMjgyMDA1MTRaFw0wODEyMjcyMDA1MTRaMA4xDDAKBgNV
|     BAMTA2ZvbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0DPcfeJzKWLGE22p
|     RMINLKr+CxqozF14DqkXkLUwGzTqYRi49yK6aebZ9ssFspTTjqa2uNpw1U32748t
|     qU6bpACWHbcC+eZ/hm5KymXBhL3Vjfb/dW0xrtxjI9JRFgrgWAyxndlNZUpN2s3D
|     hKDfVgpPSx/Zp8d/ubbARxqZZZkCAwEAAaNvMG0wHQYDVR0OBBYEFJWwFqmSRGcx
|     YXmQfdF+XBWkeML4MD4GA1UdIwQ3MDWAFJWwFqmSRGcxYXmQfdF+XBWkeML4oRKk
|     EDAOMQwwCgYDVQQDEwNmb2+CCQC4VNCHesccEDAMBgNVHRMEBTADAQH/MA0GCSqG
|     SIb3DQEBBQUAA4GBAIhlUeGZ0d0msNVxYWAXg2lRsJt9INHJQTCJMmoUeTtaRjyp
|     ffJtuopguNNBDn+MjrEp2/+zLNMahDYLXaTVmBf6zvY0hzB9Ih0kNTh23Fb5j+yK
|     QChPXQUo0EGCaODWhfhKRNdseUozfNWOz9iTgMGw8eYNLllQRL//iAOfOr/8
|   </x509cert>
| </keyinfo>

For OpenPGP it is the public key, like X.509 it is the binary output
(default, not -a) and printed using Base64 encoding.

| <keyinfo xmlns='urn:xmpp:tmp:pubkey'>
|   <name>89d099a3428481cc63fe3fa44e7df2d002b4ce44</name>
|   <pgpdata>
|     mQGiBDsKPy8RBACG1vVC8+5jMbtr8YUSfL2ciIu/Zb7/dDhwFd4iFlH7BIEt3RjR
|     wmiCUw/pcL8LHav7L2L4/Yxm8peJxyK0c11tP5Mq8kG3v55BSkZzn3fwKilEYG1c
|     rkOPWMEHds3c8kLDn+WNyxrSpw10EyJSsXc0edBdl7eLHiNQsCNmPpZhvwCg8uCQ
|     ...
|     HDU4Qg9lslDyfa2pHqkweHvC/LmIxrZeCSxOgSMLV8bqbbra1n3F4vdqgc8VP8I2
|     o9wBSf3HMohGBBgRAgAGBQI7Cj82AAoJEE598tACtM5EuWIAn0tHJF+Bk7pPAngp
|     hFOdFgS8UBSAAJ9ZPviS2XDzrWRpiyKV+hDqO/WTHA==
|   </pgpdata>
| </keyinfo>

Last the signature. It is needed to sign one key with another. If
someone already has my X.509 key he can use that to verify my
OpenPGP key. Bots could have X.509 client keys signed by a user key.

| <keyinfo xmlns='urn:xmpp:tmp:pubkey'>
|   <name>571b23d99892f4566017426e92c377288ed6c983</name>
|   <x509cert>
|     MIICXDCCAcWgAwIBAgIJAKBfLqul2lj3MA0GCSqGSIb3DQEBBQUAMCkxJzAlBgNV
|     BAMUHmRtZXllckBqYWJiZXIuY29tXDJmdGVzdGNsaWVudDAeFw0wODA5MDYxOTI0
|     MjVaFw0wOTA5MDYxOTI0MjVaMCkxJzAlBgNVBAMUHmRtZXllckBqYWJiZXIuY29t
|     XDJmdGVzdGNsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwaRLyj7J
|     /mmliYhjEwGnRGRs6gmcPaIywEK2QLFz6c3/RmRabYbIOE0iZ22D33TguSNQBWfd
|     lweT3bBETUhd3yuCcqWO5Ptiq/6wulMlxVeV5mxwNP/IF94VPWj0jHbRJcU8ZhS4
|     UnX6R5q6OSfBGdUU4mYKdiaHpgqTAO9eeqUCAwEAAaOBizCBiDAdBgNVHQ4EFgQU
|     b8touIdFuXF5clv2I/S1aOOFdN4wWQYDVR0jBFIwUIAUb8touIdFuXF5clv2I/S1
|     aOOFdN6hLaQrMCkxJzAlBgNVBAMUHmRtZXllckBqYWJiZXIuY29tXDJmdGVzdGNs
|     aWVudIIJAKBfLqul2lj3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
|     pA5tI1J9Qpn3jSoQctFksRLb2H3A48R3rU8/qnarwE/AyOvth3k3ulLEmhJBT+0S
|     mVb6WzrZEA/2plu7DhR8ylhuvJv6cAEIN+TPha3yzO2P8uoVZf7hdunOhMLl2Z6w
|     xEfiGI5X9OsaMeFOQa+B2C3uUVAMLbVV7Rp/qQkai1Y=
|   </x509cert>
|   <signature>
|     <issuer>428b1358a286430f628da23fb33ddaf6e474f5c5</issuer>
|     <value method='RSA-SHA1'>
|       E3q/UkjRR3zcZMcIIoE2sSVKUATl26zyzO1Pmoe96p8apW91c3a0KqkQp1ZMBqXX
|       +e2ImqQ79CKv+9qzXitxx+V4EcniKN0ZsSR+9ZbfflxkOvmBa2rpq9hFE1NYyfuT
|       fsAZkRhAGlP7P5ELcvhqJ4WL6qBPYQU2NEnbVlcZSbA=
|     </value>
|   </signature>
| </keyinfo>

Issuer defines the unique name of the key that was used to sign the
key. Optional issuer can contain a jid of the issuer to make it
possible to find the issuer key. If it is the same user like in this
example this information is not needed. Note: the issuer in this
example is the X.509 from the first example.

Now the value of the signature. IIRC OpenPGP defines how to sign
something, X.509 does not. In that case we need to define the method
used for hash and sign. The only possible value right now is
'RSA-SHA1' (feel free to add more). See 6.4.2 of the xmldsig core or
RFC3110 section 3 how to compute this value.

The string to sign is everything in <x509cert> or <pgpdata> as binary
data. In the example above the steps are: get everything in
<x509cert>, remove the Base64 encoding, create SHA1 sum, add SHA
prefix, fill with padding data and sign. The used TLS lib should be
able to add the prefix and the padding without the user knowing.

For XEP-0250 we exchange the key info to know if we know the key. In
this case we can skip the signature and the key data, use XEP-0189 to
get this. We only need the identifier.

| <offer xmlns='urn:xmpp:tmp:c2ctls'>
|   <keyinfo xmlns='urn:xmpp:tmp:pubkey'>
|     <name>571b23d99892f4566017426e92c377288ed6c983</name>
|   </keyinfo>
|   <srp/>
| </offer>

You have no way of knowing if the key is an X.509 certificate or
OpenPGP key (571b23d99892f4566017426e92c377288ed6c983). But that does
not matter, you can not verify a key you do not know. ;)

So when a client gets the offer above it can check the PEP of the peer
JID to get the key information if it needs it.



Dirk

-- 
Don't read everything you believe.
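
Added example, not part of the original post: a Python sketch of the checks the proposal implies for a received <keyinfo>, namely recomputing the X.509 name as the SHA-1 of the decoded certificate and verifying an 'RSA-SHA1' value over the decoded key bytes with the prefix and padding built explicitly. The function names, the stand-in certificate bytes and the throwaway issuer key (two Mersenne primes, not secure) are constructed assumptions for illustration.

```python
import base64, hashlib, xml.etree.ElementTree as ET

NS = "{urn:xmpp:tmp:pubkey}"
# DER DigestInfo header for SHA-1: the "SHA prefix" step (RFC 3447, 9.2).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
# Constructed throwaway issuer key built from two Mersenne primes; not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def unb64(el):
    return base64.b64decode("".join((el.text or "").split()), validate=True)

def key_bytes(keyinfo):
    """Binary key data: decoded content of <x509cert> or <pgpdata>."""
    for tag in ("x509cert", "pgpdata"):
        el = keyinfo.find(NS + tag)
        if el is not None:
            return unb64(el)
    raise ValueError("keyinfo carries no key data")

def name_matches(keyinfo):
    """X.509 rule only: <name> is the hex SHA-1 of the decoded certificate."""
    claimed = keyinfo.findtext(NS + "name", "").strip().lower()
    return claimed == hashlib.sha1(key_bytes(keyinfo)).hexdigest()

def encode_rsa_sha1(data, k):
    """SHA-1 sum, prefix, then 0xff padding up to the modulus length k."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify(keyinfo, n, e):
    """Check <value method='RSA-SHA1'> against the issuer's public key."""
    val = keyinfo.find(f"{NS}signature/{NS}value")
    k = (n.bit_length() + 7) // 8
    if val is None or val.get("method") != "RSA-SHA1" or k < 46:
        return False
    sig = int.from_bytes(unb64(val), "big")
    em = encode_rsa_sha1(key_bytes(keyinfo), k)
    # Rebuild the whole padded block and compare; never parse the padding.
    return sig < n and pow(sig, e, n).to_bytes(k, "big") == em

def build_keyinfo(der):
    """Constructed sample: <keyinfo> for `der`, signed with the key above."""
    k = (N.bit_length() + 7) // 8
    sig = pow(int.from_bytes(encode_rsa_sha1(der, k), "big"), D, N).to_bytes(k, "big")
    b64 = lambda b: base64.b64encode(b).decode()
    return ET.fromstring(
        f"<keyinfo xmlns='urn:xmpp:tmp:pubkey'><name>{hashlib.sha1(der).hexdigest()}"
        f"</name><x509cert>{b64(der)}</x509cert><signature><issuer>constructed"
        f"</issuer><value method='RSA-SHA1'>{b64(sig)}</value></signature></keyinfo>")
```

A receiver should run both checks: the signature covers only the key data, so a <name> that does not match the certificate is not caught by verify() alone.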
