[jdev] manifesto 0.4

Dave Cridland dave at cridland.net
Thu Nov 7 20:49:01 UTC 2013 

On Thu, Nov 7, 2013 at 7:50 PM, Alexander Holler <holler at ahsoftware.de>wrote:

> Sure, therefor I'm here and speak against the requirement for TLSv1.2. The
> manifesto sounds like it might be a good idea to enforce that requirement
> on the S2S too, and that clearly isn't what should be done in my opinion.
>

There is actually no requirement for TLSv1.2 in the manifesto; there is in
the Internet Draft, though. The manifesto just says to prefer it.


> I now could start to talk about the questionable requirement for "trusted"
> certificates (whatever that should be) or DNSSEC (which I see as a red
> button in the hand of a foreign, not that friendly, government, which for
> sure doesn't care about me), but I think it's better not to start such a
> discussion here.
>
>
It says:

o deploy certificates issued by well-known and widely-deployed
   certification authorities (CAs)

There's nothing about DNSSEC, and the word "trusted" does not appear either
- I doubt it means what you think in this case anyway.

What this does mean, in practise, is certificates that a typical end-user
or server is likely to be able to authenticate (ie, those issued by a
common trust anchor). That's all.


> I already seem to be pretty alone with letting the user choose  what he
> thinks he needs (I'm pretty in support of encouraging strong encryption,
> just not of _requiring_ it, at least not now).
>
>
Then you're not in favour of the manifesto, don't feel it's realistic, and
don't want to sign. And that's OK.


>
>  In any case, the attack vector here isn't that the NSA or GCHQ are
>> targetting you specifically. It's that they're targetting everyone, and
>> keeping that information around in case they need it later. This is why
>> we're suggesting encrypting everything, and with PFS, so that it's
>> worthless, and so they *need* to target you to snoop on you.
>>
>
> I know that all that (don't misinterpret the fact that I've forgotten that
> DH is supported by openssl since a long time), but I wouldn't use my server
> for any communication I want to be secret. At least not for stuff which
> isn't p2p encrypted (and XMPP usually is not).
>

I think you're missing the point. Try s/secret/private/ on your paragraph
and see if it holds true then.

The problem we're facing is that we used to use TLS for secrecy and
authentication, whereas we are undergoing a sea-change where TLS is now
primarily useful for privacy.

Since dragnet surveillance targets internet connections and key service
providers, if we encrypt every XMPP connection, that same surveillance
would require someone to directly attack your server, or that of your
contact. PFS is important here because otherwise, an attacker can log all
your traffic along with everyone else's and then, when they need something
against you specifically, grab your private key and take a look at what
they caught. I'd refer to this as "trolling" if it weren't a term already
taken.

The manifesto says that the undersigned are committing to encrypt every
connection with best practise encryption, including PFS, and authenticate
all S2S with something rather less than best practise PKI. (No mention of
CRLs, OCSP stapling, etc). Of the two aspects, I'd cheerfully drop the
authentication aspects, frankly, but we're setting a fairly low bar there.

If not enough people sign it'll need re-evaluating, and if the trials show
serious interop or connectivity issues, then that, too, will cause a
re-think. But we'll find this stuff out as we go, not by lowering the bar
before we've begun.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20131107/7e34d362/attachment.html>

More information about the JDev mailing list