Casey Crabb debug at nafai.dyndns.org
Thu Jan 24 15:42:20 UTC 2002

Yeah; security is on my list of issues at the bottom of the jep. But if
someone can hack the server or your account you're pretty much screwed
anyway. I think the process in the JEP outlines a fairly robust method
of verifying the transfer. You must trust the server the account is
already on; and that server must be able to keep track that an account
transfer was requested and granted.
Some definitions:
oldaccount: the old account of the user
newaccount: the new account of the user
tertaccount: the account of someone subscribed to oldaccount's presence.
mainuser: the user transferring his account from oldaccount to newaccount
oldserver: the server hosting oldaccount
newserver: the server hosting newaccount
tertserver: the server hosting tertaccount

mainuser logs into both oldaccount and newaccount
oldaccount requests to transfer to newaccount
oldserver notes request
newserver notes request
newaccount accepts request
newserver notes acceptance
oldserver notes acceptance

oldserver tells tertserver to alter tertaccount's roster changing
oldaccount to newaccount
tertserver performs alteration and notifies tertaccount

oldserver migrates oldaccount roster/settings to newaccount

In this scenario the only thing a user does is request account transfer;
the servers actually send all the necessary requests; therefore it is
necessary to trust the servers are doing the right thing; you don't have
to worry about clients doing evil things; except in the case that an
account has been breached. In the case of a breached account lots of bad
things can happen.

What other security holes am I not seeing?  I know they are there..


On Wed, 2002-01-23 at 21:49, David Waite wrote:
> The real question is - how do you do this securely? Imagine someone hacking
> a server, and transferring every user account to a different server. Now,
> imagine this is transparent to users on both this and other servers, and
> thus they don't even know that they are now talking to a different person
> than they were before.
> There are technical reasons why implementing account transfers is hard - but
> the difficulty in doing it in a manner that couldn't be exploited is the
> reason there is no automated way to do it.
> -David Waite
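
A toy model of the procedure sketched above, added here as an illustration and not part of Casey's message or of any Jabber implementation. It treats each server as a record of which transfers it has noted as requested and as granted, and shows the two checks the message relies on: a server refuses an acceptance for a transfer it never saw requested, and oldserver will not ask any tertserver to rewrite a roster until the transfer is on record as accepted. The server and account names, the `server_of` lookup and the roster layout are constructed for the example; nothing here is wire protocol.

```python
"""
Model of the account-transfer steps: both servers note the request, both
note the acceptance, then oldserver drives the roster rewrites on every
tertserver and migrates the old roster.  All names are constructed.
"""
from dataclasses import dataclass, field


class TransferError(Exception):
    """Raised when a step arrives out of order or concerns a foreign account."""


@dataclass
class Server:
    name: str
    # account -> set of JIDs subscribed to that account's presence (constructed)
    rosters: dict = field(default_factory=dict)
    requested: set = field(default_factory=set)  # (old, new) pairs noted as requested
    accepted: set = field(default_factory=set)   # (old, new) pairs noted as granted

    def hosts(self, account):
        return account in self.rosters

    def note_request(self, old, new):
        # a server only records a request that involves one of its own accounts
        if not (self.hosts(old) or self.hosts(new)):
            raise TransferError(f"{self.name} hosts neither {old} nor {new}")
        self.requested.add((old, new))

    def note_acceptance(self, old, new):
        # an acceptance with no matching request on record is refused
        if (old, new) not in self.requested:
            raise TransferError(f"{self.name}: no request on record for {old} -> {new}")
        self.accepted.add((old, new))

    def alter_roster(self, account, old, new):
        # tertserver rewrites tertaccount's entry from oldaccount to newaccount
        roster = self.rosters[account]
        if old in roster:
            roster.discard(old)
            roster.add(new)


def notify_contacts(oldserver, old, new, server_of):
    """oldserver tells each tertserver to rewrite its subscriber's roster entry."""
    # the rewrite is only issued once the transfer is recorded as granted
    if (old, new) not in oldserver.accepted:
        raise TransferError(f"{oldserver.name}: transfer {old} -> {new} was never accepted")
    for contact in oldserver.rosters[old]:
        server_of(contact).alter_roster(contact, old, new)


def transfer(oldserver, newserver, old, new, server_of):
    """Run the procedure end to end; server_of maps a JID to its Server."""
    # mainuser, logged in to both accounts, requests the transfer from oldaccount
    oldserver.note_request(old, new)
    newserver.note_request(old, new)
    # newaccount accepts; both servers note the acceptance
    newserver.note_acceptance(old, new)
    oldserver.note_acceptance(old, new)
    # every tertaccount's roster now points at newaccount
    notify_contacts(oldserver, old, new, server_of)
    # oldserver migrates oldaccount's roster to newaccount and retires oldaccount
    newserver.rosters[new] |= oldserver.rosters.pop(old)
    oldserver.requested.discard((old, new))
    oldserver.accepted.discard((old, new))
    return sorted(newserver.rosters[new])


def demo():
    # constructed sample: one account on each of three servers
    a = Server("oldserver", {"mainuser@a": {"friend@c"}})
    b = Server("newserver", {"mainuser@b": set()})
    c = Server("tertserver", {"friend@c": {"mainuser@a"}})
    servers = {"a": a, "b": b, "c": c}
    server_of = lambda jid: servers[jid.split("@")[1]]
    merged = transfer(a, b, "mainuser@a", "mainuser@b", server_of)
    return merged, sorted(c.rosters["friend@c"]), a.hosts("mainuser@a")


def premature_rewrite_refused():
    # a request that was noted but never accepted must not touch any roster
    a = Server("oldserver", {"mainuser@a": {"friend@c"}})
    c = Server("tertserver", {"friend@c": {"mainuser@a"}})
    a.note_request("mainuser@a", "mainuser@b")
    try:
        notify_contacts(a, "mainuser@a", "mainuser@b", lambda jid: c)
    except TransferError:
        return "mainuser@a" in c.rosters["friend@c"]  # roster untouched
    return False


def unrequested_acceptance_refused():
    # newserver never noted a request, so it refuses to note an acceptance
    b = Server("newserver", {"mainuser@b": set()})
    try:
        b.note_acceptance("mainuser@a", "mainuser@b")
    except TransferError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print(premature_rewrite_refused(), unrequested_acceptance_refused())
```

The model makes the trust boundary in the message explicit: the only inputs a client supplies are the request and the acceptance, and every roster rewrite is driven by a server that holds both on record. It also shows what the model does not cover, which is exactly David's point: a tertserver here takes oldserver's word for the rewrite, so a compromised oldserver can still redirect every subscriber it hosts.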
