[Security] PGP (XEP-0027)
simon at josefsson.org
Wed Jun 3 02:50:23 CDT 2009
Justin Karneges <justin at affinix.com> writes:
> On Tuesday 02 June 2009 22:24:07 Simon Josefsson wrote:
>> While I like PGP/X509 to be used, I think it is important to also
>> support secure communication to happen based on a shared secret. While
>> the security industry likes to believe public key solutions will solve
>> everything, what normal people understand will continue to be
>> "passwords". And it should be possible to build a secure communication
>> system bootstrapped from a password. One approach is for
>> implementations to generate the X509/PGP certs on the fly, and
>> authenticate them using the shared secret.
> I believe the consensus is that we should support passwords, X.509, and PGP.
> So don't worry, nobody's getting left out. :) Even the latest security spec,
> draft-meyer-xmpp-e2e-encryption-01, covers all three cases.
> I do like the suggestion of generating a self-signed X.509 certificate on the
> fly and protecting it with a password somehow. This way, every existing TLS
> library and language binding can be used to implement password-secured
> In contrast, draft-meyer-xmpp-e2e-encryption-01 specifies that passwords
> should be used natively in TLS, via the SRP extension. This approach is
> ideal from a protocol perspective, but comes with a high cost: developers may
> need to rework/switch TLS libraries. In my opinion, this is not XMPP's
> battle. I think being able to use "off the shelf" TLS libraries is a noble
> goal, and one we should choose over protocol purity.
Sure, but the word "somehow" is critical, and I suspect SRP may turn out
to be the simplest way to achieve the goal. Other alternatives include
inventing protocols like bluetooth-pairing or ZRTP, but compared to
those, I believe TLS-SRP is "off the shelf". I'm not aware of well
standardized online password-based solutions, without a trusted third
party (think Kerberos), that have good properties except for SRP. PSK
based on a password has offline dictionary attack concerns. Does anyone
recall discussion of other options?
More information about the Security