[Security] XEP-0189 Signatures

Dirk Meyer dmeyer at tzi.de
Tue Sep 9 13:39:23 CDT 2008


Hi,

XEP-0189 is now updated to use ASCII and also supports signing a key
with another. This is not only useful for signing client keys with a
server key, it is also useful for signing an X.509 certificate with an
OpenPGP key. After some searching I found no TLS lib for Python
supporting TLS with OpenPGP. But if I sign my X.509 certificate with
the OpenPGP key we can use OpenPGP to verify the X.509 certificate (I
guess this practice should be written down somewhere).

But we also support SRP (and there is at least one Python lib that can
do that). After SRP is used it would be great to exchange certificates
so we can skip the password stuff the next time. So let's say I
exchange X.509 certificates with Peter over an SRP-secured link. Now
what? I can sign his certificate so all my clients know that I already
verified that certificate. But where to store it? There are two
choices: my PEP or his PEP.

My PEP: I could add external keys to my XEP-0189 PEP. This would be
very confusing because it is not my key. We would have to add a jid to
keyinfo:

| <keyinfo jid="stpeter...">
|   <name>his key fingerprint</name>
|   <signature>
|     my signature
|   </signature>
| </keyinfo>

Pros:
- Only I have write access and can control it
- I can remove the signature later

Cons:
- Confusing, maybe we can add a second pubsub node just for external
  keys I signed.
- Peter cannot track who signed his key. Since we do not re-invent a
  complex web-of-trust (we have OpenPGP for that) this may not be a
  problem.


His PEP: First of all, I have no write access. I have to send him the
signature and he has to add it to his tree. He just adds my signature
to the list of signatures

| <keyinfo>
|   <name>his key fingerprint</name>
|   <signature>
|     Peter's OpenPGP signature
|   </signature>
|   <signature>
|     my signature
|   </signature>
| </keyinfo>

Pros:
- Peter can control the signatures
- Others can use this as some kind of web-of-trust when they see my
  signature and trust me.

Cons:
- I cannot remove a signature later, only Peter can (is this a
  problem?)
- Complex because I have to send the signature to a client of Peter
  and that client does the upload.


Comments? Other Ideas?


Dirk

-- 
If you choke a Smurf, what color does it turn?
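As an added example (not code from this thread or from XEP-0189), a stdlib-only sketch of how a client could consume Peter's keyinfo node in the "his PEP" layout: it checks that <name> matches the fingerprint of the X.509 certificate actually received, then counts only signatures made by JIDs the client already trusts. It assumes a jid attribute on each <signature> to identify the signer (not in the XEP), and uses keyed HMAC as a stand-in for the OpenPGP signature so it runs offline.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Stand-in for OpenPGP: each signer holds a secret and the "signature" over a
# fingerprint is HMAC-SHA256 of it. Constructed for this example only.
SIGNER_SECRETS = {
    "dirk@example.org": b"dirk-secret",
    "stpeter@example.org": b"peter-secret",
}

def sign(jid, fingerprint):
    return hmac.new(SIGNER_SECRETS[jid], fingerprint.encode(), hashlib.sha256).hexdigest()

def verify(jid, fingerprint, signature):
    key = SIGNER_SECRETS.get(jid)
    if key is None:
        return False
    expected = hmac.new(key, fingerprint.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)

def cert_fingerprint(der_bytes):
    # Fingerprint of the certificate as received (SHA-256 over the DER bytes).
    return hashlib.sha256(der_bytes).hexdigest()

def build_keyinfo(fingerprint, signers):
    # Peter's keyinfo node: <name> plus one <signature jid=...> per signer.
    root = ET.Element("keyinfo")
    ET.SubElement(root, "name").text = fingerprint
    for jid in signers:
        ET.SubElement(root, "signature", jid=jid).text = sign(jid, fingerprint)
    return ET.tostring(root, encoding="unicode")

def trusted_endorsers(keyinfo_xml, der_bytes, trusted_jids):
    """Return the trusted JIDs whose signature over this certificate verifies."""
    root = ET.fromstring(keyinfo_xml)
    fingerprint = cert_fingerprint(der_bytes)
    if root.findtext("name", "") != fingerprint:
        return set()  # keyinfo describes a different certificate: ignore it
    endorsers = set()
    for sig in root.findall("signature"):
        jid = sig.get("jid")
        if jid in trusted_jids and verify(jid, fingerprint, (sig.text or "").strip()):
            endorsers.add(jid)
    return endorsers
```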
