[Standards-JIG] The Great Encryption Debate
theraven at sucs.org
Tue Aug 2 18:37:55 UTC 2005
To get the ball rolling:
It would be nice if whichever protocol is finally agreed on supported
the transitive property of trust.
As an example:
If Alice and Charlie are trying to exchange keys then the first step
would be to exchange hashes of all of the entries on their rosters.
By comparing the hashes, they find that they both have Bob on their
rosters and, as luck would have it, they have both already exchanged
keys with Bob. Since they both trust Bob, they can securely exchange
keys via Bob. This would mean that they would only be vulnerable to
a man-in-the-middle attack if Bob were the man.
Another potential solution would be for the JSF to create a root X.509
certificate which could be distributed with all clients. Any
server wishing to support encrypted clients could then get a certificate
signed by this certificate (which could also be used for c2s and s2s
communication). This certificate would be used to sign a certificate
generated by the client which would prove:
1) The remote server was the server you thought it was, and
2) The remote server thinks the remote user is the person you think
The problem with this approach is that the JSF then has to take on
the rôle of a certificate authority and verify that the person
running the Jabber server is the person who ought to be (although
this could be as simple as only sending the signed certificate to the
admin email address in the whois database, since all the JSF-signed
certificate has to do is prove that the server has a right to claim
to be the server for a particular domain, not that they are a
trustworthy person. A truly paranoid person should still send a hash
of the certificate out-of-band).
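The first proposal above (compare hashed rosters, find a mutual contact both parties already hold keys for, then let that contact vouch for the key) as a worked example. This is added here and is not code from the original post; the JIDs, pairwise secrets and fingerprint are constructed, and the "secure channel via Bob" is modelled as an HMAC under the secret Alice and Bob already share.

```python
import hashlib
import hmac

# Constructed sample data, not from the post: rosters, secrets from earlier
# pairwise key exchanges, and the fingerprint Bob has verified for Charlie.
ROSTERS = {
    "alice@example.com": ["bob@example.com", "dave@example.com"],
    "charlie@example.com": ["bob@example.com", "erin@example.com"],
}
PAIR_SECRETS = {
    frozenset({"alice@example.com", "bob@example.com"}): b"alice-bob-secret",
    frozenset({"bob@example.com", "charlie@example.com"}): b"bob-charlie-secret",
}
FP_CHARLIE = "c1a7" * 8

def roster_hashes(roster):
    """Map SHA-256(JID) -> JID. Only the hashes are sent to the other party;
    note JIDs are short and guessable, so this hides them only weakly."""
    return {hashlib.sha256(jid.encode()).hexdigest(): jid for jid in roster}

def common_contacts(my_roster, their_hashes):
    """Contacts on both rosters, found by intersecting the two hash sets."""
    mine = roster_hashes(my_roster)
    return sorted(mine[h] for h in mine.keys() & set(their_hashes))

def pick_introducer(common, me, them):
    """First common contact with whom both 'me' and 'them' already hold keys."""
    for jid in common:
        if frozenset({me, jid}) in PAIR_SECRETS and frozenset({them, jid}) in PAIR_SECRETS:
            return jid
    return None

def attest(introducer, requester, subject, fingerprint):
    """Introducer vouches for subject's fingerprint over its channel to requester."""
    secret = PAIR_SECRETS[frozenset({introducer, requester})]
    msg = f"{subject}|{fingerprint}".encode()
    return msg, hmac.new(secret, msg, hashlib.sha256).hexdigest()

def verify_attestation(requester, introducer, msg, tag):
    """Requester checks the tag with its own secret for introducer; (subject, fp) or None."""
    secret = PAIR_SECRETS[frozenset({introducer, requester})]
    if not hmac.compare_digest(hmac.new(secret, msg, hashlib.sha256).hexdigest(), tag):
        return None  # relayed key was tampered with, or did not come via the introducer
    subject, fp = msg.decode().split("|", 1)
    return subject, fp

def introduce(alice, charlie):
    """Whole flow: hash comparison, introducer choice, relayed fingerprint check."""
    common = common_contacts(ROSTERS[alice], roster_hashes(ROSTERS[charlie]))
    bob = pick_introducer(common, alice, charlie)
    if bob is None:
        return None  # no mutual trusted contact: fall back to out-of-band verification
    msg, tag = attest(bob, alice, charlie, FP_CHARLIE)
    return verify_attestation(alice, bob, msg, tag)
```

As the post notes, the trust is only as good as the introducer: a dishonest Bob can attest any fingerprint he likes, which is exactly the man-in-the-middle position the author describes.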