[Standards-JIG] XMPP trust diameter

Jean-Louis Seguineau jean-louis.seguineau at laposte.net
Thu May 25 09:18:19 UTC 2006


Thanks Peter,

Hal was actually saying in his post that trust would go away as soon has
there is a hop on the path of a stanza. This is what I was referring to when
asking if the trust was invalidated as soon as a stanza was leaving one's
home server. You seems to have a different opinion, can you expend slightly?

I agree with the pragmatic approach of making it harder for spammer by
increasing the cost of them using an XMPP network. I have been sold on this
approach for years. Moreover, I see the subtle difference you introduce by
saying "fast enough": you do not eradicate spam, you just route it on
another network ;)

More seriously, I believe TLS is only part of an answer to making XMPP more
"trustworthy", which is why I am particularly interested by what is covered
in the "etc" of your last section. To me "trustworthy" carries some idea of
"being acceptable". Are you saying we could bring an XMPP network to an
acceptable level of trust without resorting to the heavy artillery used in
other web applications? If so, that would be a more than acceptable
achievement, and a decisive advantage.

Jean-Louis
    

-----Original Message-----
Message: 7
Date: Wed, 24 May 2006 19:41:56 -0600
From: Peter Saint-Andre <stpeter at jabber.org>
Subject: Re: [Standards-JIG] XMPP trust diameter
To: Jabber protocol discussion list <standards-jig at jabber.org>
Message-ID: <44750B64.6020400 at jabber.org>
Content-Type: text/plain; charset="iso-8859-1"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jean-Louis Seguineau wrote:
> I am not 'mixing' terms, Hal, just 'stating' what I have read and heard
> people saying ;) 
> 
> Thanks, it helps. You just confirmed some of the shortcomings associated
> with these statements. But it is bringing more questions.
> 
> I recall Peter using the fact an XMPP server was rewriting the 'from' JID
as
> an argument against SIP in term of trusting the source of the message...
In
> your opinion, are we saying this address rewriting increases trust? 

It helps, yes. It's harder to run a rogue server than to be a rogue
client, so rewriting the 'from' address raises the bar. Add in server
dialback and that makes it a lot harder to fake from addresses in XMPP
than in SMTP. Impossible to fake? No. But a lot harder (and hard enough
that the spammers will use some other network). Remember, we don't need
to be the fastest antelope, just an antelope that is fast enough so that
someone else will be eaten.

> And if
> it does, are we saying this trust becomes invalid outside one's own home
> server?

Why would it become invalid?

> More generally, you seem to refer to trust as only being established
between
> persons. I believe this is a bit restrictive. In you opinion, can we
> envisage a possibility to increase the trust level if we introduce a way
for
> an XMPP entity to assert that the source JID of a stanza has been properly
> authenticated? Or would you say we always need to perform this
verification
> against a particular context's asserting party ?

I think we can make the whole network more trustworthy through the
ubiquitous use of TLS for server to server, etc. I'm working on a
proposal about that now...

/psa





More information about the Standards mailing list