[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usa ge)

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Wed Mar 17 10:03:25 UTC 2004


On Wednesday 17 March 2004 12:49 am, Jacek Konieczny wrote:
> On Tue, Mar 16, 2004 at 10:17:17PM -0800, Justin Karneges wrote:
> > The solution to this one is to simply not trust presence packets that are
> > older than a certain signature timestamp, where by "trust" I mean
> > "consider it an accurate representation of the user's presence".
>
> I wonder if we can trust presence anyway. Only "available" presence may
> be reliably signed. If the client connection is lost, then the server
> sends "unavailable" presence, without user's signature. The server may
> send the same "unavailable" presence when user is still online or not
> send it when he goes offline.

Certainly, but this wouldn't be proper server behavior.  Such behavior would 
disrupt the peace of things, but it would not be a security breach.  These 
problems would simply be treated the same as network trouble, just as we deal 
with today's network trouble while using plaintext.

> So we cane never be sure that the user is 
> online, we only know that he was online at the moment when he had sent
> his signed "available" presence.

The contact should sign and send his own unavailable presence packet.  If this 
packet is not received by the client, then the client of course cannot alter 
the presence state of the contact.  Once the TTL expires, the client should 
indicate to the user somehow that the presence of this contact is no longer 
secure.

> What is the use of such information, 
> other than announcing user's keyid (which could be solved by different
> means)?

At its basic level, signing presence ensures integrity of such fields as 
<show>, <status>, and whatever else we might throw in there, which I think 
anyone could appreciate.  Having cryptographically strong proof that a user 
is definitely online at a given moment is certainly less useful, but the 
truly paranoid might enjoy it.

One interesting characteristic of unavailable presence is that it is only 
useful after first obtaining an available presence packet.  If I login and do 
not receive an available presence packet from you, then I assume you are 
unavailable, despite that I have no signed proof of this.  And you cannot be 
expected to constantly sign unavailable presence just to indicate this.

Therefore, since a malicious server (or other attacker) has the power to 
convince me that you are unavailable when you really might be available, by 
simply denying the delivery of available presence, then I say we should 
consider all unavailable presence packets (signed or unsigned) as legitimate.  
Signing such packets would still be nice to ensure the integrity of any 
logoff status text, but it would not be required to indicate that the contact 
is offline.

Thoughts?

-Justin



More information about the Standards mailing list