[Standards-JIG] Re: UPDATED: JEP-0027 (Current Jabber OpenPGP Usage)

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Thu Mar 18 20:37:11 UTC 2004


On Thursday 18 March 2004 12:07 pm, Joe Hildebrand wrote:
> > > How can you trust the jabber:iq:time result? Mallory could have
> > > intercepted the time query result.
> >
> > c2s encryption?  In any case, such a query is simply a hint.
> > The client won't actually use this value, it would just aid
> > those with screwy clocks.
>
> But what if that hint is malicious?  The whole point of e2e is that you
> don't trust the server.

The hint is harmless, because no possible response could cause a security 
violation.  It's simply a reminder to the user that his clock might be wrong.  
The client would not change the local clock to use the server time value, nor 
would the value even be displayed.  The user would simply say "oops!" and 
look at his microwave to get the proper time, and fix his computer's clock as 
necessary.

> You can't store things on the server, unless they are encrypted with your
> private key.  You can't rely on the server to provide hints.  You can't
> rely on the server to always respond the same way to the same request, as
> well.

Stanza Security does not rely on the above time hint.  The procedure is 
completely optional and not part of the JEP.

> So, for example, storing your public key in vcard probably isn't good
> enough.  What if Mallory rooted your server, and had it respond with one
> public key when you asked for yours (to check it), and a different one to
> me?

Storing the public key in the vcard would be no less unsafe than storing it on 
a "keyserver."  Using the vcard doesn't buy us any additional security, but 
it does make for a better distribution mechanism.

-Justin
