[Standards-JIG] Re: The Great Encryption Debate

Ian Paterson ian.paterson at clientside.co.uk
Wed Aug 10 16:58:58 UTC 2005


> True, but this isn't much of an invasion of privacy - Alice needs to  
> already know Charlie's JID and needs to be friendly enough with Bob  
> to set up a secure chat session (I would suggest that encrypted chat  
> be default for people in your roster, not for random people).

We have to be very conservative when judging what is an invasion of
privacy. Imagine Alice is Bob's jealous new girlfriend (they haven't
exchanged keys yet), Bob has denied he ever talked to Charline, but
Alice wants to confirm that. Bob thought his roster was private, but it
turns out...

> there would be no difference between Charlie being in Bob's
> roster and Charlie's key having been signed by one of Bob's
> friends as a result of a server-initiated signing.

Yes. I guess that would give Bob a plausable excuse. But Alice wouldn't
necessarily buy it. He'd avoid a lot of grief if his trust relationships
really were private.


> A server could possibly be used as an intermediary in this
> maintaining an internal list of trust relationships and  
> finding the [paths from Alice to people on Bob's server], and
> then Bob's server could find [paths from those people] to Bob.

This solution solves the bandwidth issues very well.

The clients would need to confirm with both Alice and Bob exactly who
would be appropriate people to establish a trust relationship through
(Charlie and/or Dave). This policy would also give them control over who
else knows they are establishing relationship.

We would have to trust each server with the knowledge of all its users'
relationships... But we already do that anyway. [We can't stop our own
server knowing who we exchange stanzas with.] So the main new issue
would be that each server would be storing historical information ready
for 'harvesting' during a single short-lived attack.

Unfortunately, this solution would still allow jealous Alice to discover
if boyfriend Bob is chatting to Charline (the server would return Bob in
the list of potential trust intermediaries between Alice and Charline).


I confess I've not read up about Webs of trust. Is there always a
privacy trade-off that doesn't exist with, for example, a centralised
CA? (Of course I understand centralised CAs have their own significant
disadvantages.)

I'm sorry to be picking holes in all these very interesting ideas for ID
schemes. I guess a perfect certification scheme is impossible. So it
will always be easier to pick holes than to come up with a good idea.

- Ian

P.S. I envision all chat sessions to be secure by default. So people
would typically have more trust relationships than the number of users
on their roster.




More information about the Standards mailing list