[jdev] manifesto & DANE does not cut it

[Ralf Skyper Kaiser]

Hi


On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant <simon at buddycloud.com>wrote:

> I don't think anyone here is advocating for downgrading security or not
> respecing human rights.
>
> I do think that we're being pretty sanguine about not letting the perfect
> become the enemy of the good and incrementally upgrading XMPP's security.
>
> Good security is based on layering trust and trust points being open to
> inspection. DNS is about as open as you can get and comes with a pretty
> good "api". I'd expect that services like the SSL Observatory start
> offering a service that inspects DNSSEC records. And publish any oddities.
>
> Regarding having to trust the owner of . changing keys, presumably pinning
> the root key would mean that you would notice it changing? DNSSEC would let
> you could pin any other keys in your app and notice them changing.
>
> Nevertheless, Tony makes a good point: a cut in the namespace would be
> pretty obvious to all.
>

No it would not. This is the wrong assumption. The ROOT or the TLD KEY can
be (ab)used to perform a active attack. Nobody but the targeted user would
see the changed public key and then it would vanish.

This attack and vulnerability in the TLS authentication has been recognized
by all major browser manufactures. Pinning (on top of DNSSEC) is being
implemented as we speak. Why jabber tries so hard of being less secure than
the web browser is a mystery to me.

regards,

ralf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20131119/8a23ab05/attachment.html>