[Standards] XMPP and W3C Digital Signature Specification

Peter Saint-Andre stpeter at stpeter.im
Sat Apr 5 03:50:12 UTC 2008

Hi Boyd, thanks for posting about this.

Boyd Fletcher wrote:
> Over the last couple of years we have discussed various approaches to add
> digital signature support to XMPP 

In fact we haven't had many discussions about digital signatures, mostly
about end-to-end encryption. :)

> that did not violate the XML nature of
> XMPP like RFC3923. 

Well, that's a good thing. :)

> We would like to propose a method of using W3C¹s XML
> Digital Signature specification. Below is description of how we use the W3C
> spec with XMPP. We have been using this approach for about 3 years and it
> seems to work quite well though it is a bit expensive in terms of message
> size but with digital signatures, I¹m not sure that can be avoided.

Who is "we"? Do you have multiple implementations in different
codebases? One of the major concerns I have heard with XML dsig is
interoperability (e.g., I have heard reports about serious interop
problems with SAML). In particular, I have heard that canonicalization
("c14n") has caused interop problems, since different people interpret
c14n differently (and there are 3 or 4 different c14n methods!).

> We are curious what other people think and if its worth moving forward with
> a XEP to formally describe the approach.

It might well be. I haven't heard much interest in digital signatures
for IM (heck, even email signing is not very popular, for example I'm
one of the only people posting to this list who signs his email with an
X.509 signature). I have heard some interest in end-to-end encryption,
but it's difficult even to get people interested in encryption.

> details:
> We chose to use the W3C because its standardized, well understood, and
> widely implemented. We were not planning to address how the public keys
> between the users are exchanged or how the certificates are validated.

Do you have comments on XEP-0189? It's currently in Last Call.

> A digital signature is encapsulated in the <ds:Signature/> element. This
> signature element is a child element of either <message/>, <presence/>,
> <iq/>.  

What do you sign? The complete stanza?

> A client or server would use JID in XMPP stanzas to lookup a
> client's X509 certificate. 

For X.509, I assume that the certificate would need to include an XMPP
OID (id-on-xmppAddr)? What if it doesn't?

> When multiple certificates are available for that
> JID, the <ds:KeyName/> will identify which to use.
> The <ds:KeyName/> carries a X509 fingerprint which is a MD5 digest of the
> X509 certificate and formatted as hex characters, each byte separated by a
> colon. For example,
> <ds:Key-Name>94:01:67:A6:45:70:B3:AD:8D:A3:8D:B9:2F:46:AA:52</ds:KeyName>
> A digitally signed IQ stanza. Note this does cause a slight incompatibility
> with the current IQ schema as we would like to put the digital signature as
> a 2nd child node of IQ to make it consistent with message and presence
> stanzas. 

Would that be the only allowable second child of <iq/>? I'm not
particularly interested in allowing multiple children of <iq/> in
general, for many reasons (backwards-compatibility, information
coherence for request-response interactions, etc.).

<snip>huge stanzas :)</snip>


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20080404/a71f1146/attachment.bin>

More information about the Standards mailing list