[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usage)

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Wed Mar 17 04:56:31 UTC 2004


On Tuesday 16 March 2004 4:32 pm, Justin Karneges wrote:
> going to need some careful and protected interaction between all the
> resources via the server, in such a way that a server DoS would not enable
> an attack.  This does sound quite impossible, but I'll think about it and
> reply...

Ok, this problem is not solvable this way, but I'm probably thinking too hard.

I've come up with an alternate perspective, which is that it is the user's job 
to maintain synchronized endpoints.  For instance, keeping multiple 
out-of-sync keyrings yet requiring synced replay caches would be a bit 
eccentric.  If you find yourself syncing your keyrings, you had better sync 
your replay cache as well.  If you can't sync your secure endpoints, don't 
expect good security.  Of course, there would be nothing in the protocol to 
enforce this kind of organization, but good software should make this process 
easy.

A security-conscious solution is to store all of your private information 
(private key, keyring, cert storage, replay cache data) on removable media.  
Alternatively you could store it on a server.  If you can't trust a server, 
and you require multiple secure endpoints, you must use removable media.  
There's just no way around it.

The removable media scenario is a bit simpler to work with, because it would 
imply that only one endpoint can be secure at any given time.  When multiple 
endpoints can be sharing the same private key / cache data simultaneously, 
this gets very tricky.  I'm inclined to say that we should limit the use of 
Secure Stanzas to only one logged-in resource per user at host.

-Justin


