[Security] S2S Leap of faith w/ SASL EXTERNAL
Peter Saint-Andre
stpeter at stpeter.im
Wed Nov 17 20:35:41 CST 2010
On 11/17/10 5:51 PM, Kim Alvefur wrote:
> A thought:
>
> Imagine a server with a self signed certificate. When your server
> connects to it, it of course wouldn't trust the cert enough to do SASL
> EXTERNAL, so it falls back to dialback. If dialback is successfully done
> a few times, while the server presents the same cert, automatically pin
> it and allow SASL EXTERNAL the next time.
>
> Why:
>
> * Encourage more widespread deployment, interop testing of EXTERNAL.
> * Same with general use of TLS, even with self signed certs.
> * Security issues would be about the same as with SSH.
> * I suppose it would help about as much with MITM as dialback does with
> DNS spoofing?
>
> Thoughts?
How would the pinning work? In clients, pinning is usually approved by a
human user. Do you foresee that an admin would need to approve the
pinning for server-to-server connections?
Another thought: use server buddy lists and check with domains you trust
to see if they know the cert for that server.
http://xmpp.org/extensions/xep-0267.html
That might make the TOFU ("trust on first use") a bit more tasty. ;-)
Peter
--
Peter Saint-Andre
https://stpeter.im/
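As an added illustration (not code from this thread or from any XMPP server), here is one way the proposed policy could be expressed: count consecutive successful dialbacks that present the same certificate, pin after a threshold, offer SASL EXTERNAL only when the pinned cert is presented again, and hand a changed cert to an admin for approval rather than re-pinning silently, which is the step Peter asks about. The threshold, the class and method names, and the use of a SHA-256 fingerprint over the DER certificate are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

PIN_AFTER = 3  # assumed policy: pin after this many consecutive dialbacks with one cert


def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 of a DER-encoded certificate; used as the pin identity."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class PinStore:
    seen: dict = field(default_factory=dict)        # domain -> (fingerprint, consecutive successes)
    pinned: dict = field(default_factory=dict)      # domain -> pinned fingerprint
    needs_review: set = field(default_factory=set)  # domains whose cert changed after pinning

    def choose_auth(self, domain: str, cert_der: bytes) -> str:
        """Return 'external' only if the peer presents exactly the pinned cert, else 'dialback'."""
        fp = fingerprint(cert_der)
        pinned = self.pinned.get(domain)
        if pinned == fp:
            return "external"
        if pinned is not None:
            # Pinned cert changed: never re-pin automatically, flag for an admin instead
            self.needs_review.add(domain)
        return "dialback"

    def record_dialback_success(self, domain: str, cert_der: bytes) -> int:
        """Record a successful dialback; a different cert resets the run. Returns run length."""
        fp = fingerprint(cert_der)
        prev_fp, count = self.seen.get(domain, (None, 0))
        count = count + 1 if prev_fp == fp else 1
        self.seen[domain] = (fp, count)
        if count >= PIN_AFTER and domain not in self.pinned:
            self.pinned[domain] = fp  # first-time pin: the TOFU step
        return count

    def approve(self, domain: str) -> None:
        """Admin accepts the cert currently observed for the domain, replacing the old pin."""
        fp, _ = self.seen[domain]
        self.pinned[domain] = fp
        self.needs_review.discard(domain)
```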