[Security] PGP (XEP-0027)

Simon Josefsson simon at josefsson.org
Wed Jun 3 02:50:23 CDT 2009

Justin Karneges <justin at affinix.com> writes:

> On Tuesday 02 June 2009 22:24:07 Simon Josefsson wrote:
>> While I like PGP/X509 to be used, I think it is important to also
>> support secure communication to happen based on a shared secret.  While
>> the security industry likes to believe public key solutions will solve
>> everything, what normal people understand will continue to be
>> "passwords".  And it should be possible to build a secure communication
>> system bootstrapped from a password.  One approach is for
>> implementations to generate the X509/PGP certs on the fly, and
>> authenticate them using the shared secret.
> I believe the consensus is that we should support passwords, X.509, and PGP.  
> So don't worry, nobody's getting left out. :)  Even the latest security spec, 
> draft-meyer-xmpp-e2e-encryption-01, covers all three cases.


> I do like the suggestion of generating a self-signed X.509 certificate on the 
> fly and protecting it with a password somehow.  This way, every existing TLS 
> library and language binding can be used to implement password-secured 
> sessions.
> In contrast, draft-meyer-xmpp-e2e-encryption-01 specifies that passwords 
> should be used natively in TLS, via the SRP extension.  This approach is 
> ideal from a protocol perspective, but comes with a high cost: developers may 
> need to rework/switch TLS libraries.  In my opinion, this is not XMPP's 
> battle.  I think being able to use "off the shelf" TLS libraries is a noble 
> goal, and one we should choose over protocol purity.

Sure, but the word "somehow" is critical, and I suspect SRP may turn out
to be the simplest way to achieve the goal.  Other alternatives include
inventing protocols like bluetooth-pairing or ZRTP, but compared to
those, I believe TLS-SRP is "off the shelf".  I'm not aware of well
standardized online password-based solutions, without a trusted third
party (think Kerberos), that have good properties except for SRP.  PSK
based on a password has offline dictionary attack concerns.  Does anyone
recall discussion of other options?


More information about the Security mailing list