[Security] XEP-0189 and XEP-0178 Interaction

Dirk Meyer dmeyer at tzi.de
Tue Sep 9 13:51:43 CDT 2008


Hi,

In the thread 'Hosted solutions - client/user certs' started by
Johansson Olle E. the idea of client certs with SASL came up.

I want to use a new client. I do not trust that client for its
life-time. E.g. a mobile phone can get stolen. It would be nice if
this client can log into my account without having my password.
XEP-0178 defines SASL-EXTERNAL but it is unclear where the certificate
comes from.

Here is a small idea of how it could work:

1. I create a certificate with my new client

2. I upload a client certificate to the XEP-0189 pubsub node. Either
   with a different client or with the new one and it should not store
   the password I use for login.

3. The XMPP server has access to the pubsub node, in fact, the pubsub
   node is part of the server.

4. The client logs into the network using SASL-EXTERNAL and its
   certificate.

5. The server sees the certificate in my pubsub node and grants
   access.

6. The device gets stolen and I remove the certificate. The client
   cannot log in anymore.

This sounds straightforward to me but some stuff is important:

1. Once I remove a certificate and the client is still logged in, the
   server MUST terminate the stream or the bad client can add its
   certificate again.

2. Who is allowed to add a certificate? Right now all my clients
   are. Is this a problem if a client with certificate can add
   another? A bad client can add others before it gets
   disconnected. Again: is this a problem?

We could use the signature stuff again. Only clients signed with my
user key can log in. But that will make things a bit complicated for
server developers.

BTW, if a bad client removes all certificates except its own, you
still have control because you always have the password login.


Comments on that? And where to put it? XEP-0189? XEP-0178? A new XEP?
And a question for server developers: how complicated is it to add a
feature like this?


Dirk

-- 
My Other car is a beater (On the back of a beater).
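
Added example, not part of the original post: a minimal Python model of the server-side behaviour the numbered steps describe, including the requirement that removing a certificate terminates any stream that logged in with it. The class and method names are hypothetical, the dictionary stands in for the XEP-0189 pubsub node, and password checking and the TLS proof of key possession are assumed to happen elsewhere.

```python
import hashlib

class CertLoginModel:
    """Toy server state: published certs per account plus live streams."""

    def __init__(self):
        self.node = {}      # bare JID -> set of cert fingerprints (stands in for the pubsub node)
        self.streams = {}   # stream id -> (bare JID, fingerprint, or None for password login)
        self._next_id = 0

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    def _open(self, jid, fp):
        self._next_id += 1
        self.streams[self._next_id] = (jid, fp)
        return self._next_id

    def login_password(self, jid):
        # Assumption: the password was already verified by the caller.
        return self._open(jid, None)

    def login_external(self, jid, cert_der):
        # Assumption: TLS already proved possession of the cert's private key.
        fp = self.fingerprint(cert_der)
        if fp not in self.node.get(jid, set()):
            return None                      # step 5 fails: cert not published
        return self._open(jid, fp)

    def publish(self, stream_id, cert_der):
        # Any live stream of the account may add a cert (open question 2).
        if stream_id not in self.streams:
            raise PermissionError("stream is not authenticated")
        jid, _ = self.streams[stream_id]
        self.node.setdefault(jid, set()).add(self.fingerprint(cert_der))

    def retract(self, stream_id, cert_der):
        # Remove the cert AND close every stream that logged in with it,
        # so the removed client cannot publish its cert again.
        if stream_id not in self.streams:
            raise PermissionError("stream is not authenticated")
        jid, _ = self.streams[stream_id]
        fp = self.fingerprint(cert_der)
        self.node.get(jid, set()).discard(fp)
        closed = [sid for sid, s in self.streams.items() if s == (jid, fp)]
        for sid in closed:
            del self.streams[sid]
        return closed
```

Password login stays available throughout, which matches the remark that the account owner keeps control even if every other certificate is removed.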