[jdev] manifesto 0.4

Alexander Holler holler at ahsoftware.de
Thu Nov 7 22:02:10 UTC 2013


On 07.11.2013 21:49, Dave Cridland wrote:
> On Thu, Nov 7, 2013 at 7:50 PM, Alexander Holler <holler at ahsoftware.de> wrote:

>> I now could start to talk about the questionable requirement for "trusted"
>> certificates (whatever that should be) or DNSSEC (which I see as a red
>> button in the hand of a foreign, not that friendly, government, which for
>> sure doesn't care about me), but I think it's better not to start such a
>> discussion here.
>>
>>
> It says:
>
> o deploy certificates issued by well-known and widely-deployed
>     certification authorities (CAs)

For me that reads like well-known and widely-deployed CAs are trustworthy.

And I don't see any reason to trust any certificate I haven't proved 
myself and which isn't under my control. The CA system is imho totally 
broken, especially because some governments seem to have all the keys or 
are able to get the keys without anyone else having a chance to notice 
that (or even being notified). So they are able to clone certificates 
and thus they are able to become a perfect man-in-the-middle. So there 
is no reason left to trust any certificate from any CA, especially if 
that CA isn't in your country (where you might have a chance to be 
protected by the law you live under).

> Since dragnet surveillance targets internet connections and key service
> providers, if we encrypt every XMPP connection, that same surveillance
> would require someone to directly attack your server, or that of your
> contact. PFS is important here because otherwise, an attacker can log all
> your traffic along with everyone else's and then, when they need something
> against you specifically, grab your private key and take a look at what
> they caught. I'd refer to this as "trolling" if it weren't a term already
> taken.
>
> The manifesto says that the undersigned are committing to encrypt every
> connection with best practise encryption, including PFS, and authenticate
> all S2S with something rather less than best practise PKI. (No mention of
> CRLs, OCSP stapling, etc). Of the two aspects, I'd cheerfully drop the
> authentication aspects, frankly, but we're setting a fairly low bar there.

That's all a good thing and I support that. But to repeat myself:
--------
Not exactly the same, but I don't like the part

"or require cipher suites that enable forward secrecy"

for the same reason.
--------
(that's how I've entered this discussion)

I did leave out the part of the sentence before that *require* for a good 
reason. I'm only against making it a requirement on the S2S side 
because that would affect everyone who wants to send a message to someone 
else in the XMPP world.

Nothing else. I'm not against security, I'm not against strong 
encryption, I'm not against privacy. In fact I'm in strong favor of 
security, strong encryption and privacy and take every one of those very 
seriously. Even if most people here want to imply something else.

But I think it's already time to quit this discussion, it just became 
too senseless to continue.

Alexander Holler

