[standards-jig] Version 0.3 of JEP-0046 / DTCP

Justin Karneges justin-jdev at affinix.com
Fri Sep 20 23:53:18 UTC 2002


Ben,

DTCP does verification completely out-of-bound for the sake of simplicity, as 
there might be more than one host/port to try to connect to.  The purpose of 
DTCP's key/verify is really only to make sure you are talking to the right 
person in the easiest way possible (the verify is to prevent a local LAN user 
spoofing the address of a user on a remote LAN).

For any real security, I would think this would have to be combined with SSL 
and/or XML encryption, which is more of an issue with Jabber as-a-whole.  
Perhaps we could come up with a real xml encryption standard, rather than 
complicating our other protocols with their own weaker method?  Or is this 
just too far away from happening anytime soon?

Since we are all aware now of the security holes in DTCP, for comparison what 
are the security holes in JOBS?  Do these security holes change if SSL is 
added to the mix?

It is quite possible I don't understand all of the implications here.  I am 
not a security expert.

Thanks,
-Justin

On Friday 20 September 2002 04:17, Ben Schumacher wrote:
> Justin-
>
> I'm curious about the security of <key> and <verify>. My impression of
> this mechanism is that it isn't very secure. If somebody wanted to, it
> would be fairly easy to hijack somebody's DTCP connection by simply using
> a packet sniffer. If somebody was monitoring either client's TCP
> connection to the Jabber server, they could get both of these tokens and
> be able to spoof as the connecting party.
>
> Since you made an earlier comparison to JOBS (JEP-0042), I will do the
> same here. The JOBS protocol uses a verification system that combines
> inbound verification with out-of-bound verification at connection time,
> while the current design of DTCP agrees upon verification data inbounds,
> but does the verification completely out-of-bounds.
>
> I think this protocol could be useful, but I'd have reservations about
> using it (especially in "passive" mode), without a more secure
> verification system. For inspiration, please take a look at what Matthew
> Miller conceived for JOBS, as it's clear from his design that a lot of
> thought went into the protocol.
>
> Cheers, (I hope that was constructive enough....)
>
> bs.
>
> On Thu, 19 Sep 2002, Justin Karneges wrote:
> > In the fashion of psa, I will advertise my JEP again as well :)
> >
> > http://www.jabber.org/jeps/jep-0046.html
> >
> > I have simplified it and added SSL ("starttls") functionality, which
> > means the spec is complete, in my opinion.
> >
> > Constructive criticism appreciated.
> >
> > Thanks,
> > -Justin
>