[Standards-JIG] XMPP trust diameter
stpeter at jabber.org
Thu May 25 01:41:56 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Jean-Louis Seguineau wrote:
> I am not 'mixing' terms, Hal, just 'stating' what I have read and heard
> people saying ;)
> Thanks, it helps. You just confirmed some of the shortcomings associated
> with these statements. But it is bringing more questions.
> I recall Peter using the fact an XMPP server was rewriting the 'from' JID as
> an argument against SIP in term of trusting the source of the message... In
> your opinion, are we saying this address rewriting increases trust?
It helps, yes. It's harder to run a rogue server than to be a rogue
client, so rewriting the 'from' address raises the bar. Add in server
dialback and that makes it a lot harder to fake from addresses in XMPP
than in SMTP. Impossible to fake? No. But a lot harder (and hard enough
that the spammers will use some other network). Remember, we don't need
to be the fastest antelope, just an antelope that is fast enough so that
someone else will be eaten.
> And if
> it does, are we saying this trust becomes invalid outside one's own home
Why would it become invalid?
> More generally, you seem to refer to trust as only being established between
> persons. I believe this is a bit restrictive. In you opinion, can we
> envisage a possibility to increase the trust level if we introduce a way for
> an XMPP entity to assert that the source JID of a stanza has been properly
> authenticated? Or would you say we always need to perform this verification
> against a particular context's asserting party ?
I think we can make the whole network more trustworthy through the
ubiquitous use of TLS for server to server, etc. I'm working on a
proposal about that now...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards