[Security] S2S Leap of faith w/ SASL EXTERNAL

Dave Cridland dave at cridland.net
Thu Nov 18 16:57:12 CST 2010


On Thu Nov 18 00:51:26 2010, Kim Alvefur wrote:
> Imagine a server with a self signed certificate. When your server
> connects to it, it of course wouldn't trust the cert enough to do SASL
> EXTERNAL, so it falls back to dialback. If dialback is successfully done
> a few times, while the server presents the same cert, automatically pin
> it and allow SASL EXTERNAL the next time.

Actually, just doing leap-of-faith the first time is sufficient.

You're allowing full dialback as authentication anyway, so in  
practice, this isn't losing you any security, whereas by having to  
build trust in a server, you're providing a larger window for an  
attacker to disrupt.

It's also, of course, not gaining any security - it is gaining  
optimization, but at the risk that an attacker can disrupt, and  
take over, a server if he times it *just* so. (Or, if your LoF  
certificate store isn't persistent and he figures out how to crash  
your server).

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
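The two pinning policies discussed in this thread (pin on the first successful dialback, or pin only after several successes with the same certificate) and the persistence caveat can be made concrete in code. The following is an added example written for this page; it is not code from either poster or from any XMPP server. It assumes a JSON file as the pin store, SHA-256 over the presented certificate bytes as the pin, and uses constructed placeholder byte strings in place of real DER certificates so it runs offline.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Constructed stand-ins for the peer's presented certificate. In a real
# deployment these would be the DER bytes of the certificate seen in the
# TLS handshake; they are placeholders here so the example runs offline.
CERT_A = b"-- constructed self-signed cert for example.org, key A --"
CERT_B = b"-- constructed self-signed cert for example.org, key B --"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint (hex) of the presented certificate; this is what gets pinned."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Leap-of-faith pin store for S2S peers whose certificate does not chain to a trusted CA.

    pin_after=1 is the leap-of-faith-on-first-contact policy; pin_after=N>1 is
    the "build trust over N dialbacks" policy. If `path` is None the store is
    memory only, which is the non-persistent case the thread warns about: a
    restart forgets every pin and the peer is back to dialback.
    """

    def __init__(self, pin_after: int = 1, path: Optional[Path] = None):
        self.pin_after = pin_after
        self.path = path
        self.pins: Dict[str, str] = {}                    # domain -> pinned fingerprint
        self.successes: Dict[str, Dict[str, int]] = {}    # domain -> fingerprint -> dialback count
        if path is not None and path.exists():
            data = json.loads(path.read_text())
            self.pins = data.get("pins", {})
            self.successes = data.get("successes", {})

    def _save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps({"pins": self.pins, "successes": self.successes}))

    def choose_mechanism(self, domain: str, cert_der: bytes) -> str:
        """Return 'sasl-external' only when the presented cert matches the pin; otherwise
        'dialback', which stays the actual authentication step for unknown or changed certs."""
        pinned = self.pins.get(domain)
        if pinned is not None and pinned == fingerprint(cert_der):
            return "sasl-external"
        return "dialback"

    def pin_mismatch(self, domain: str, cert_der: bytes) -> bool:
        """True when a pin exists but the peer now presents a different certificate.
        Worth logging: an operator needs to tell a key rollover from tampering."""
        pinned = self.pins.get(domain)
        return pinned is not None and pinned != fingerprint(cert_der)

    def record_dialback_success(self, domain: str, cert_der: bytes) -> bool:
        """Call after dialback has verified `domain`. Returns True if this call created a pin."""
        fp = fingerprint(cert_der)
        counts = self.successes.setdefault(domain, {})
        counts[fp] = counts.get(fp, 0) + 1
        newly_pinned = False
        if domain not in self.pins and counts[fp] >= self.pin_after:
            self.pins[domain] = fp
            newly_pinned = True
        self._save()
        return newly_pinned


def demo() -> Dict[str, object]:
    """Walk both policies and the persistence caveat; returns the decisions taken."""
    results: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as tmp:
        store_path = Path(tmp) / "pins-lof.json"

        # Leap of faith: one successful dialback is enough to pin.
        lof = PinStore(pin_after=1, path=store_path)
        results["lof_first_contact"] = lof.choose_mechanism("example.org", CERT_A)
        lof.record_dialback_success("example.org", CERT_A)
        results["lof_second_contact"] = lof.choose_mechanism("example.org", CERT_A)
        # A different cert for a pinned domain never gets SASL EXTERNAL.
        results["lof_other_cert"] = lof.choose_mechanism("example.org", CERT_B)
        results["lof_other_cert_mismatch"] = lof.pin_mismatch("example.org", CERT_B)
        # Persistent store: a "restart" (reopen from disk) keeps the pin.
        results["lof_after_restart"] = PinStore(pin_after=1, path=store_path).choose_mechanism("example.org", CERT_A)

        # Memory-only store: a restart forgets the pin, reopening the dialback window.
        mem = PinStore(pin_after=1)
        mem.record_dialback_success("example.org", CERT_A)
        results["mem_after_restart"] = PinStore(pin_after=1).choose_mechanism("example.org", CERT_A)

        # Build-trust policy: three successes with the same cert before pinning.
        slow = PinStore(pin_after=3)
        slow.record_dialback_success("example.org", CERT_A)
        slow.record_dialback_success("example.org", CERT_A)
        results["slow_after_two"] = slow.choose_mechanism("example.org", CERT_A)
        results["slow_third_pins"] = slow.record_dialback_success("example.org", CERT_A)
        results["slow_after_three"] = slow.choose_mechanism("example.org", CERT_A)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that in both policies the pin is only an optimisation on top of dialback: a mismatching or unknown certificate falls back to dialback rather than failing, which is why the scheme neither adds nor (relative to plain dialback) removes authentication strength, while the `pin_mismatch` signal is what lets an operator notice a certificate change.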

