[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns
dizzyd at jabber.org
Tue May 27 20:03:24 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Tuesday, May 27, 2003, at 13:47 America/Denver, Matt Tucker wrote:
> What if we added a note to the auth JEP that clients may choose to
> SHA1 the password before sending it to the server if they wish to have
> added obscurity? This would accomplish the same thing as edigest while
> keeping our current protocol intact.
As my example demonstrated, that does squat and we STILL have broken
> I think this is a somewhat silly use case. The important aspect of
> backwards compatability is on the
> protocol level, not on the "user using two different clients level",
> especially since it's very rare that a user actually uses two clients
> (yes, besides us developer geeks).
Silly or not, a focus on backwards compatibility is the reason that
Jabber clients written 3 years ago still work on the current (and new)
> It just doesn't seem worthwhile to create a new digest mechanism that:
> 1) Is the exact same thing that we're using now, just with different
> wording saying "don't send a plain text password".
Yes, it's an evolution -- not a revolution. Sometimes protocols need to
> 2) Doesn't provide any real security enhancements, just obscurity.
So why don't *nix systems store passwords in plaintext? Aren't they
just "obscuring" the data? Hullo?!
> 3) Will break all old clients, libraries, and servers.
Using <edigest> will break nothing.
> Instead, let's encourage people to either use SASL, or solve security
> problems in a real by either using SSL or by implementing encryption
> at the database level. It seems worse to give a false sense of
> security than to do nothing at all given all the other considerations.
I'm all about encouraging people to use new security mechanisms, but
honestly your gonna be hard pressed to demonstrate that basic-MD5 SASL
auth is ANY more secure than our existing SHA-digest mechanism.
For those of you who haven't been around, one of the driving goals of
Jabber has always been to provide a system which permits easy-to-write
clients. Now, SASL may not be that hard, but our existing SHA system is
dirt simple and has worked well for a LONG time. We don't _have_ to
throw it out, and we have the opportunity to improve it.
Again, this is a simple evolution of the protocol. Let's not blow this
up into something more than that, ok?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
-----END PGP SIGNATURE-----
More information about the Standards