[Standards] New XMPP Use Case: Private Media Networks

Dirk Meyer dmeyer at tzi.de
Wed May 21 17:59:06 UTC 2008


JabberForum wrote:
> For me the only point really important will be anyway the security,
> because XMPP can probably be very secure, and I will already trust far
> more the Jabber network than any of the other IM networks which are for
> most of them not at all secure (and even more than Skype which is the
> one said very secure). But the current implementation and uses of XMPP
> are still not sufficient for me for such sensible uses. Anyway you are
> apparently studying the security consideration very fairly in your XEP
> already.

Thanks. Yes, security is the main problem here. I trust the Jabber
server, but when it comes to personal data, I only trust applications
I control. And based on my XEP it would be possible to do some nasty
stuff.

> I would add also one security layer yet: some commands should be
> makable only locally (for instance on the machine itself). For instance,
> imagine you can control the heater, the aeration system or anything like
> this. You should set some limits locally that even the "owner" of the
> devices cannot change through one's account (but one can do it locally
> if one has physical access to the device for instance, or other access
> very secure). Or maybe this owner's account could run any command, but
> for critical one, they would be a second layer of security (like another
> password to give every time you make such a command, etc.).

It should be possible to only allow services for the owner. That will
be defined in the yet-to-be-written Access Control List section of the
document. Your local idea sounds nice and by accident it is already
defined. If a device only uses link-local communication and does not
register at the XMPP server, only local communication will be
possible. But I will keep the local stuff in consideration when
defining the access control list.

> I am considering the fact that often the main security breach is the
> human being. So what if someone can use your account: if you set a
> poorly secure password like most people; or if your Jabber client
> connects automatically on your main computer and gave access to this to
> someone; or simply when you leave your desktop 5 minutes without
> unconnecting from Jabber (forgetting this account is so sensible), etc. 
> Many security attacks rely on the human flaws (unless you are
> paranoid).

You can not prevent a stupid user. But the XMPP server account
password is totally useless since the network does not trust the
server. But if I have a main control app on my laptop running and you
get access to my laptop ... well, you have access.


Thanks for the feedback.


Dirk

-- 
This fortune would be seven words long if it were six words shorter.




More information about the Standards mailing list