[Security] updated Jingle-XTLS proposal

Peter Saint-Andre stpeter at stpeter.im
Fri Feb 20 22:07:23 CST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Florian Zeitz wrote:
> Peter Saint-Andre schrieb:
>> Peter Saint-Andre wrote:
>>> Peter Saint-Andre wrote:
>>>> Dirk Meyer has updated the Jingle-XTLS proposal:
>>>>
>>>> http://xmpp.org/extensions/inbox/jingle-xtls.html
>>> Dirk and I have been communicating off-list about this and we will
>>> provide an updated version before long -- mostly to simplify the
>>> protocol, clarify the error cases, and generalize the spec so that it
>>> can be used with both streaming transports (TLS) and datagram transports
>>> (DTLS).
>> We've updated the spec to version 0.0.3. Dirk and I will probably work
>> on it some more over the weekend. :)
> 
>> Peter
> 
> Some comments you two might take into account:
> 
> Up first the encouraging comment:
> This is a really well written XEP IMHO. The reasoning for the design
> seems quite clear and it is not to lengthy, but still seems to explain
> everything necessary (obviously ignoring the parts that are said to be
> missing). Keep it that way ;)

Thanks! We added the "approach" section today so that we could more
clearly understand what we were doing. I'm glad it was useful for
someone else. :)

> Criticism and nitpicks:
> * Example 3 should probably have action='session-accept'

Will fix.

> * After "The following rules apply to the initiator's handling of the
> session-accept message:" only the 2. case where the certificate could
> not be verified is said to require user interaction. I'd personally also
> want to be asked what to do if encryption wasn't possible (1. case).

Good point.

> * As Non-Human Parties may also be (web-)services. Maybe add encrypted
> E-mail to section 5.1. E.g. Launchpad knows your GPG-key, so they could
> in theory send you encrypted mail with a PIN.
> Or/and possibly something more general along the lines of: "If possible
> any out-of-band method a human could use to convey the PIN is
> practicable too" E.g. a Asterisk PBX may call you and 'read' a PIN to
> you (whether sth. like this would be secure depends on the type of
> telephony and suspected MITM attack of course, but that's a different topic)

Those are helpful suggestions, thanks.

> * Example 10 might need some ellipsis. XTLS being the only feature seems
> unlikely.

I've started removing the ellipses from the XML because I like to
validate the examples. See here:

http://xmpp.org/extensions/examples/

> * Possibly add some notes about bot2bot verification of certificates
> (using a CA I'd suspect)

Yes that seems the likely approach. In fact we have a CA so it could
start issuing client certificates.

Thanks for the feedback, you've inspired me to keep working on this. :)

Peter

- --
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmfffsACgkQNL8k5A2w/vwZ5wCg56i5Rm197pmVdU1XGWtFrt0l
JXUAoNVB2zvlIr3hn/YvMcbNjkrJs+SO
=LA6G
-----END PGP SIGNATURE-----


More information about the Security mailing list