[JDEV] Encrypted xml transfer, was servers specifying from fields

Thomas Muldowney temas at box5.net
Tue Mar 6 15:07:21 CST 2001 

The large problem is wherein you lay your trust.  If you trust the server then
SSL and other symmetric ciphers work great, but if you feel you cannot trust the
server then they fail miserably.  With jabber you've compounded the problem by
having the multiple servers.  If you can't guarantee a SSL connection between
every hop of message delivery you have a trust issue.  Especially if the server
is blindly routing the data (which it should partially do, we've designed a 
router here anyway).  So having different methods is a must.  We've had lengthy
and wholesome conversation over this in the jdev chat channel.  I'd be happy
to do it again =)

--temas

On Mon, Mar 05, 2001 at 11:30:03PM -0600, mark at mjwilcox.com wrote:
> I've been reading this thread back and forth and boys, you need to 
> go do a lot of reading first. Don't reinvent the #%@! wheel. In 
> particular read Schneir's Applied Crypto and Secrets & Lies, plus 
> the docs on the AES standard as well as the docs on SSL/TLS 
> (there's also a good book on it, don't have it inf front of me, but it's 
> the only one on Amazon :).
> 
> You're down the right track. Symetric encryption (used by DES and 
> Rijndael) is much more effecient than Asymetric (used by Public 
> Key encryption such as PGP or X.509), but you do have a problem: 
> how to share the key. 
> 
> SSL has the same situation. The way SSL solves it is to use PK 
> (through the use of X.509 certificates) to authenticate the session 
> (at least the server must authenticate itself, the client auth is 
> optional). Then the server sends a random key to be used 
> (normally this is 3DES or RC4, but Rijndael would be a better 
> choice). 
> 
> Another way to negoitate the key is to use Diffie-Hellman protocol, 
> but that's almost as much overhead as using PK & not nearly as 
> secure.
> 
> If you were using a totally stream based system and could 
> negotiate a key, then Blowfish would be a better choice. 
> 
> You could use SSL to negotiate a session between two parties but 
> there's no gurantee that you're on the same server (at least with 
> HTTP based XML-RPC you know the app is on the same server). 
> Thus if you want the speed of symetric with Jabber, you're probably 
> better off setting up a protocol that uses a secure timestamp to 
> note latency (ie. say the session is considered over if we don't hear 
> anything after x seconds) OR use presence to denote session 
> (session is over once either client denotes not-available). Use PGP 
> or X.509 cert to verify one another. Then exchange the key. then 
> use a symetric encryption to perform the application encryption.
> 
> However, SSL or simple message based PK is going to be fine 
> 99% of the time. Most people don't want hard-core encryption, they 
> just want to know that the majority of the world can't read their 
> messages without going through a lot of trouble. And a lot of 
> people would really just settle with knowing who they were talking 
> to ( alot of spam would simply stop if we required signed email), 
> and encryption can come or go.
> 
> Plus Jabber (and other XML-RPC protocols) are just transport 
> layers. while they should have some type of encryption in them, 
> applications built on-top of them will require their own particular 
> security. That's the 1% standard SSL and PK won't contain. But 
> the good news there's plenty of $$ to be mined in them thar hills :).
> 
> If you really want to see how encryption should really work in a 
> program, check out Groove (www.groove.net). It uses X.509 as the 
> default. You don't turn it on. You can't turn it off. It's seemless. 
> Groove is what the future should be. :). Oh, Groove was designed 
> by Ray Ozzie who created Lotus Notes and was fighting crypto 
> battles before most of this list was in grade school (or even born, 
> though that makes *me* feel old :).
> 
> Mark
> 
> 
> 
> 
> Mark Wilcox
> mark at mjwilcox.com
> Got LDAP?
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20010306/2fa2901d/attachment-0002.pgp>

More information about the JDev mailing list