[standards-jig] Version 0.3 of JEP-0046 / DTCP

Ben Schumacher ben at blahr.com
Fri Sep 20 11:17:40 UTC 2002


Justin-

I'm curious about the security of <key> and <verify>. My impression of
this mechanism is that it isn't very secure. If somebody wanted to, it
would be fairly easy to hijack somebody's DTCP connection by simply using
a packet sniffer. If somebody was monitoring either client's TCP
connection to the Jabber server, they could get both of these tokens and
be able to spoof as the connecting party.

Since you made an earlier comparison to JOBS (JEP-0042), I will do the
same here. The JOBS protocol uses a verification system that combines
inbound verification with out-of-bound verifcation at connection time,
while the current design of DTCP agrees upon verification data inbounds,
but does the verifcation complete out-of-bounds.

I think this protocol could be useful, but I'd have reservation about
using it (especially in "passive" mode), without a more secure
verification system. For inspiration, please take a look at what Matthew
Miller conceived for JOBS, as its clear from his design that a lot of
thought went into the protocol.

Cheers, (I hope that was constructive enough....)

bs.

On Thu, 19 Sep 2002, Justin Karneges wrote:
> In the fashion of psa, I will advertise my JEP again as well :)
>
> http://www.jabber.org/jeps/jep-0046.html
>
> I have simplified it and added SSL ("starttls") functionality, which means the
> spec is complete, in my opinion.
>
> Constructive criticism appreciated.
>
> Thanks,
> -Justin





More information about the Standards mailing list