[Standards-JIG] The Great Encryption Debate

David Chisnall theraven at sucs.org
Tue Aug 2 18:37:55 UTC 2005

To get the ball rolling:

It would be nice if whichever protocol is finally agreed on supported  
the transitive property of trust.
As an example:

If Alice and Charlie are trying to exchange keys then the first step  
would be to exchange hashes of all of the entries on their rosters.   
By comparing the hashes, they find that they both have Bob on their  
rosters and, as luck would have it, they have both already exchanged  
keys with Bob.  Since they both trust Bob, they can securely exchange  
keys via Bob.  This would mean that they would only be vulnerable to  
a man-in-the-middle attack if Bob were the man.

Another potential solution would be for the JSF to create a root X. 
509 certificate which could be distributed with all clients.  Any  
server wishing to encrypted clients could then get a certificate  
signed by this certificate (which could also be used for c2s and s2s  
communication).  This certificate would be used to sign a certificate  
generated by the client which would prove:
1) The remote server was the server you thought it was, and
2) The remote server thinks the remote user is the person you think  
it is.

The problem with this approach is that the JSF then has to take on  
the rôle of a certificate authority and verify that the person  
running the Jabber server is the person who ought to be (although  
this could be as simple as only sending the signed certificate to the  
admin email address in the whois database, since all the JSF-signed  
certificate has to do is prove that the server has a right to claim  
to be the server for a particular domain, not that they are a  
trustworthy person.  A truly paranoid person should still send a hash  
of the certificate out-of-band).

More information about the Standards mailing list