[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns

Dave Smith dizzyd at jabber.org
Tue May 27 20:03:24 UTC 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Tuesday, May 27, 2003, at 13:47 America/Denver, Matt Tucker wrote:

> What if we added a note to the auth JEP that clients may choose to 
> SHA1 the password before sending it to the server if they wish to have 
> added obscurity? This would accomplish the same thing as edigest while 
> keeping our current protocol intact.

As my example demonstrated, that does squat and we STILL have broken 
backwards compatibility.

> I think this is a somewhat silly use case. The important aspect of 
> backwards compatability is on the
> protocol level, not on the "user using two different clients level", 
> especially since it's very rare that a user actually uses two clients 
> (yes, besides us developer geeks).

Silly or not, a focus on backwards compatibility is the reason that 
Jabber clients written 3 years ago still work on the current (and new) 
server.

> It just doesn't seem worthwhile to create a new digest mechanism that:
>  1) Is the exact same thing that we're using now, just with different 
> wording saying "don't send a plain text password".

Yes, it's an evolution -- not a revolution. Sometimes protocols need to 
grow incrementally.

>  2) Doesn't provide any real security enhancements, just obscurity.

So why don't *nix systems store passwords in plaintext? Aren't they 
just "obscuring" the data? Hullo?!

>  3) Will break all old clients, libraries, and servers.

Using <edigest> will break nothing.

> Instead, let's encourage people to either use SASL, or solve security 
> problems in a real by either using SSL or by implementing encryption 
> at the database level. It seems worse to give a false sense of 
> security than to do nothing at all given all the other considerations.

I'm all about encouraging people to use new security mechanisms, but 
honestly your gonna be hard pressed to demonstrate that basic-MD5 SASL 
auth is ANY more secure than our existing SHA-digest mechanism.

For those of you who haven't been around, one of the driving goals of 
Jabber has always been to provide a system which permits easy-to-write 
clients. Now, SASL may not be that hard, but our existing SHA system is 
dirt simple and has worked well for a LONG time. We don't _have_ to 
throw it out, and we have the opportunity to improve it.

Again, this is a simple evolution of the protocol. Let's not blow this 
up into something more than that, ok?

Diz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE+08SMYNE3chVHHsMRAks3AJ4s+r7Rzl+ZvuNDxLYN+7NK7VpDngCeNQy3
l1myhqBbiwOyfCTzZIz/Phk=
=AEBN
-----END PGP SIGNATURE-----




More information about the Standards mailing list