[Standards-JIG] The Great Encryption Debate

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Wed Aug 3 02:23:36 UTC 2005


On Tuesday 02 August 2005 04:01 pm, David Waite wrote:
> >   3) presence signing.  JEP-0116 does not cover this topic.  What do
> > others think about it?  This might be something that only object security
> > can provide.
>
> Presence signing is both non-targeted and extremely sensitive to
> replay, so it cannot be used to verify the authenticity of a user
> without further challenging by particular peers. What are the reasons
> seen for wanting to sign presence?
>
> Also, how would xml be signed? I evaluated traditional xml
> canonicalization with xml-security a while back, and came to the
> conclusion that servers were not conformant enough to xml for xmpp to
> be a safe/realistic transport of signed data, unless that data was
> under some text encoding like base64.

I covered these issues in jep-secure.  There would be a TTL for signed 
presence, such that the information would "expire" if a new signed presence 
is not delivered in time.  To avoid canonicalization issues, the presence 
packet would contain the presence information twice, once in the main part of 
the stanza, and again inside of a signed (non-detached) payload.  The main 
purpose for redundantly including the information outside of the signed chunk 
would be so non-secure clients could still read it.

Of course, this doesn't answer your question about the reasons signed presence 
might be desired.  That was actually my question. :)

If an attacker is able to cause someone to appear available when they are 
actually not, is this worth securing?  At the very least, signed presence 
would prove that the content (particularly the value of <status>, if it is 
something lengthy) is legit, which might be as useful as regular message 
signing.  But then maybe these things are not compelling.

-Justin
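
The check a signing-aware client could run under the scheme described in the message above, as an added example that is not part of the original post or of jep-secure. The `signed` element, its `mac` attribute and the JSON field names are hypothetical, and an HMAC with a shared key stands in for a real public-key signature so the code runs with the standard library alone.

```python
import base64, hashlib, hmac, json
import xml.etree.ElementTree as ET

# Assumption: a shared-key HMAC stands in for the sender's public-key signature.
KEY = b"constructed-demo-key"

def sign_presence(show, status, ttl, now):
    """Build a presence stanza carrying the data twice: plain and signed."""
    blob = json.dumps({"show": show, "status": status,
                       "ts": now, "ttl": ttl}).encode()
    mac = hmac.new(KEY, blob, hashlib.sha256).hexdigest()
    p = ET.Element("presence")
    # Outer copy: readable by clients that know nothing about signing.
    ET.SubElement(p, "show").text = show
    ET.SubElement(p, "status").text = status
    # Signed copy (hypothetical element): base64 keeps the exact signed
    # bytes intact, so no XML canonicalization is needed to verify them.
    s = ET.SubElement(p, "signed", {"mac": mac})
    s.text = base64.b64encode(blob).decode()
    return ET.tostring(p, encoding="unicode")

def verify_presence(stanza, now):
    """Return (verdict, data); data comes only from the signed copy."""
    p = ET.fromstring(stanza)
    s = p.find("signed")
    if s is None:
        return "unsigned", None
    try:
        blob = base64.b64decode(s.text or "", validate=True)
    except ValueError:
        return "bad-signature", None
    expected = hmac.new(KEY, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), s.get("mac", "").encode()):
        return "bad-signature", None
    data = json.loads(blob)
    # TTL: the signed presence stops counting once it has expired.
    if now > data["ts"] + data["ttl"]:
        return "expired", None
    # The outer copy is unauthenticated; flag it if it disagrees.
    outer = {"show": p.findtext("show"), "status": p.findtext("status")}
    if any(outer[k] != data[k] for k in outer):
        return "outer-mismatch", data
    return "ok", data
```

A captured stanza still verifies until its TTL runs out, so the TTL bounds the replay window rather than closing it.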


