[Standards-JIG] The Great Encryption Debate
justin-keyword-jabber.093179 at affinix.com
Wed Aug 3 02:23:36 UTC 2005
On Tuesday 02 August 2005 04:01 pm, David Waite wrote:
> > 3) presence signing. JEP-0116 does not cover this topic. What do
> > others think about it? This might be something that only object security
> > can provide.
> Presence signing is both non-targeted and extremely sensitive to
> replay, so it cannot be used to verify the authenticity of a user
> without further challenging by particular peers. What are the reasons
> seen for wanting to sign presence?
> Also, how would xml be signed? I evaluated traditional xml
> canonicalization with xml-security a while back, and came to the
> conclusion that servers were not conformant enough to xml for xmpp to
> be a safe/realistic transport of signed data, unless that data was
> under some text encoding like base64.
I covered these issues in jep-secure. There would be a TTL for signed
presence, such that the information would "expire" if a new signed presence
is not delivered in time. To avoid canonicalization issues, the presence
packet would contain the presence information twice, once in the main part of
the stanza, and again inside of a signed (non-detached) payload. The main
purpose for redundantly including the information outside of the signed chunk
would be so non-secure clients could still read it.
Of course, this doesn't answer your question about the reasons signed presence
might be desired. That was actually my question. :)
If an attacker is able to cause someone to appear available when they are
actually not, is this worth securing? At the very least, signed presence
would prove that the content (particularly the value of <status>, if it is
something lengthy) is legit, which might be as useful as regular message
signing. But then maybe these things are not compelling.
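The scheme described in this message, as an added example that is not part of the original post or of jep-secure: the signature covers only the base64 payload bytes, so XML re-serialization in transit cannot break it, and the TTL bounds how long a captured stanza can be replayed. Assumptions: HMAC-SHA256 stands in for the sender's public-key signature, the signed copy is JSON, and the `<signed>` element with its `sig` attribute is a hypothetical name.

```python
import base64, hashlib, hmac, json
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # assumption: HMAC key stands in for a signing key

def _mac(payload: str, key: bytes) -> bytes:
    # The MAC is computed over the base64 text only, never over the XML.
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest().encode()

def build_presence(show, status, issued, ttl, key=KEY) -> str:
    """Presence with a plain copy (for non-secure clients) and a signed copy."""
    inner = json.dumps({"show": show, "status": status,
                        "issued": issued, "ttl": ttl})
    payload = base64.b64encode(inner.encode()).decode()
    p = ET.Element("presence")
    ET.SubElement(p, "show").text = show
    ET.SubElement(p, "status").text = status
    # <signed> and sig= are hypothetical names for the non-detached payload.
    ET.SubElement(p, "signed", sig=_mac(payload, key).decode()).text = payload
    return ET.tostring(p, encoding="unicode")

def verify_presence(xml_text: str, now: int, key=KEY) -> str:
    """Classify a received stanza; the signed copy is the authoritative one."""
    p = ET.fromstring(xml_text)
    signed = p.find("signed")
    if signed is None:
        return "unsigned"
    payload = (signed.text or "").strip()
    if not hmac.compare_digest(_mac(payload, key), signed.get("sig", "").encode()):
        return "bad-signature"
    inner = json.loads(base64.b64decode(payload))
    # TTL check: a stanza replayed after issued + ttl is rejected, but a
    # replay inside the window still verifies.
    if not inner["issued"] <= now <= inner["issued"] + inner["ttl"]:
        return "expired"
    # The outer copy is unsigned; flag it if it disagrees with the signed copy.
    if (p.findtext("show"), p.findtext("status")) != (inner["show"], inner["status"]):
        return "outer-mismatch"
    return "valid"

if __name__ == "__main__":
    s = build_presence("away", "In a meeting", issued=1000, ttl=300)  # constructed sample
    for t in (1100, 1301):
        print(t, verify_presence(s, now=t))
```
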