[Security] PGP (XEP-0027)

Peter Saint-Andre stpeter at stpeter.im
Tue Jun 2 08:57:39 CDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 5/20/09 9:08 PM, Justin Karneges wrote:
> On Wednesday 20 May 2009 19:28:30 Stephen Paul Weber wrote:
>> I know XEP-0027 is "historical", but it's currently *the* way to do OpenPGP
>> encryption/signing with XMPP.  I have a few questions.
>>
>> 1) What do people think of also signing the content of the <x
>> xmlns='jabber:x:encrypted'> element, to get encrypted and signed messages
>> (instead of just encrypted messages and signed presence)
> 
> Since most of the attention has been on session security (Esessions/OTR/XTLS), 
> signing of individual messages has been left by the wayside.  All of the 
> session security proposals support some degree of integrity protection 
> (signing the initial session parameters, and then messages protected by MAC).
> 
> However, after our last e2e security discussion, I believe there was some 
> consensus that we should offer both session-based and single message 
> security.  So, we may seriously pursue PGP encrypted+signed single messages 
> once again.

As I understood it, we were thinking that clients would generate a
simple key (not PGP) for use in session security. That key could be
signed with an OpenPGP key or X.509 cert if the user has such a beast,
but we would not introduce a dependency on OpenPGP or X.509.

Further, it seems to me that for stanza signing we would want to sign
the entire stanza, which means that we'd probably need to use something
like XMLdsig (which further introduces a dependency on canonicalization
of XML) -- this is one reason why I'm keeping track of the W3C's work on
cleaning up XMLdsig:

http://www.w3.org/2008/xmlsec/wiki/RoadmapandPublicationStatus

>> 2) What do people think of clearsigning <body> on a message in line with
>> OpenPGP?
> 
> I don't think we should use clearsign in IMs.  It would be silly if clients 
> not supporting PGP were to display all of that clearsigning garbage in a chat 
> window.  For XMPP, it would make the most sense to have the <body> contain 
> just the text message, and separate elements would be used to handle the 
> signature/etc.

Agreed.

>> 3) Has there been discussion of OpenPGP signing (also, openssl/Thawte
>> signing) on XMPP messages?
> 
> X.509 signing with S/MIME has been discussed, and in fact is published in RFC 
> 3923, though nobody implements it.
> 
>> It would be really awesome if the same keys/mechanisms could be used for
>> signing (/encrypting) XMPP messages as email messages, in general, since
>> this makes a lot of multi-mode applications much easier to work with.

See above. I think we'd use very simple keys and sign those if needed
(and if the user has an OpenPGP key or X.509 cert -- but how many people
have those?).

> You can read the dead sea scrolls:
>   http://xmpp.org/extensions/inbox/secure.html
> 
> Probably we should have another e2e security discussion again.

Indeed.

Peter

- --
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkolL9MACgkQNL8k5A2w/vwo0gCg6FydlhknIBU4tFICctD6BwBl
aOUAnjhgQBT22QNd6DzZ3CarT4ssUUm8
=Y29H
-----END PGP SIGNATURE-----


More information about the Security mailing list