[Standards-JIG] XMPP trust diameter

Jean-Louis Seguineau jean-louis.seguineau at laposte.net
Thu May 25 00:07:11 UTC 2006


I am not 'mixing' terms, Hal, just 'stating' what I have read and heard
people saying ;) 

Thanks, it helps. You just confirmed some of the shortcomings associated
with these statements. But it is bringing more questions.

I recall Peter using the fact an XMPP server was rewriting the 'from' JID as
an argument against SIP in term of trusting the source of the message... In
your opinion, are we saying this address rewriting increases trust? And if
it does, are we saying this trust becomes invalid outside one's own home
server?

More generally, you seem to refer to trust as only being established between
persons. I believe this is a bit restrictive. In you opinion, can we
envisage a possibility to increase the trust level if we introduce a way for
an XMPP entity to assert that the source JID of a stanza has been properly
authenticated? Or would you say we always need to perform this verification
against a particular context's asserting party ?

Jean-Louis 


-----Original Message-----
Message: 2
Date: Wed, 24 May 2006 13:46:13 -0400
From: "Hal Rottenberg" <halr9000 at gmail.com>
Subject: Re: [Standards-JIG] XMPP trust diameter
To: "Jabber protocol discussion list" <standards-jig at jabber.org>
Message-ID:
	<b13a36870605241046t118204d4l43c09f144ac4977b at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 5/24/06, Jean-Louis Seguineau <jean-louis.seguineau at laposte.net> wrote:
> I have seen many times on the list that XMPP is providing a greater level
of
> trust than other communication protocol. XMPP certainly claim a stronger
> authentication than many others by the support of SASL and/or TLS.

Careful, don't mix your terms here.  Trust != Authentication.  Also
SASL and TLS are used to authenticate to a server, not another person.

> My question to the list is: how far can the trust established on a user
home
> server be extended outside this server. Or put another way, once I cross
an
> s2s link, what remains of my initial trust, and how does it decrease with
> the number of linked crossed?

When hops > 1 trust = 0 in practical terms.  For example, most people
agree that you can trust that a top-level CA has gone through some
effort (and $$) to obtain that root certificate.  What does that mean?
 It just means that we know who that entity is.  I'm not aware of what
level of authenticity the CAs demand, but I do know that nothing is
mandated by law (not that I'm proposing that it should be, eh Peter?).
 So what you have is a group of companies who have their own rules
about who can join.  Ok, this is starting to sound political even to
my ears but I'm really not trying to go there.

My point is this: TLS isn't a web-of-trust model, it's a hierarchical
model.  If you trust the guy at the top, you "have" to trust everyone
below.

The closest thing that we have to trust in XMPP now would be JEP-0027
[1], and that's just PGP/GPG bolted on top.  I don't believe its in
very wide usage.  (I should do a Psi user poll...)

Besides, there is nothing in XMPP that tells me how the other end of
the conversation authenticated.  For all I know it uses anonymous SASL
and I'm speaking to a random visitor to a website who chose the nick
that I see in my chat window.  Or it could be some guy telnetting to
port 5222!

I hope this helps to answer your questions.  :)

[1]: http://www.jabber.org/jeps/jep-0027.html







More information about the Standards mailing list