[Security] XEP-0189 and XEP-0178 Interaction
dmeyer at tzi.de
Tue Sep 9 13:51:43 CDT 2008
In the thread Thread 'Hosted solutions - client/user certs' started by
Johansson Olle E. the idea of client cert with SASL came up.
I want to use a new client. I do not trust that client for its
life-time. E.g. a mobile phone can get stolen. It would be nice if
this client can log into my account without having my password.
XEP-0178 defines SASL-EXTERNAL but it is unclear where the certificate
Here a small idea how it could work:
1. I create a certificate with my new client
2. I upload a client certificate to the XEP-0189 pubsub node. Either
with a different client or with the new one and it should not store
the password I use for login.
3. The XMPP server has access to the pubsub node, in fact, the pubsub
node is part of the server.
4. The client logs into the network using SASL-EXTERNAL and its
5. The server sees the certificate in my pubsub node and grands
6. The device gets stolen and I remove the certificate. The client can
log in anymore.
This sounds strait forward to me but some stuff is important:
1. Once I remove a certificate and the client is still loged in, the
server MUST terminate the stream or the bad client can add its
2. Who is allowed to add a certificate? Right now all my clients
are. Is this a problem if a client with certificate can add
another? A bad client can add others before it gets
disconnected. Again: is this a problem?
We could use the signature stuff again. Only clients signed with my
user key can log in. But that will make things a bit complicated for
BTW, if a bad client removes all certificates except its own, you
still have control because you always have the password login.
Comments on that? And where to put it? XEP-0189? XEP-0178? A new XEP?
And a question for server developer: how complicated is it to add a
feature like this?
My Other car is a beater (On the back of a beater).
More information about the Security