[jdev] manifesto & DANE does not cut it

Thijs Alkemade thijs at xnyhps.nl
Tue Nov 19 13:24:14 UTC 2013


On 19 nov. 2013, at 14:07, Ralf Skyper Kaiser <skyper at thc.org> wrote:

> Hi,
> 
> 
> On Tue, Nov 19, 2013 at 12:29 PM, Thijs Alkemade <thijs at xnyhps.nl> wrote:
> 
> On 19 nov. 2013, at 12:58, Ralf Skyper Kaiser <skyper at thc.org> wrote:
> 
> > Hi
> >
> >
> > On Tue, Nov 19, 2013 at 11:37 AM, Simon Tennant <simon at buddycloud.com> wrote:
> Automatic key pinning works for SSH, because private keys are rarely changed
> and people are more tech-savvy than average XMPP users. If you start doing this
> for XMPP, you'll see a lot of false positives. I doubt you can convince a
> large part of the network to start using self-signed certificates valid for a
> long time. Every time a user who doesn't understand the security implications
> removes a pin, the security of the system is weakened because it makes MitM
> attacks easier. The manifesto requires software to be able to inform users
> when a certificate changes and I think this is the right approach to automatic
> pinning.
> 
> By 'average XMPP user' you mean 'average XMPP Server admin' I think.
> 
> The user only sees a new certificate if the admin chooses to create a new key on the same domain name.
> 
> The average XMPP server admin is tech-savvy. I think I would go as far as saying that the average
> XMPP server admin is more tech-savvy than the average Apache admin - and Apache/web-browsers
> are going to support pinning soon.

No, I mean average XMPP user. I claim that the percentage of SSH users that
know what it means to remove a line from ~/.ssh/known_hosts is higher than the
percentage of XMPP users that will know what it means to do the equivalent
thing in their client.

> There are enough fallbacks to help the tech-unsavvy admin if he loses the key and has to create a new key:
> - Can use a new domain (jabber-1.mydomain.org becomes jabber-2.mydomain.org)

This breaks all your presence subscriptions.

> - Can ask all users to reinstall the jabber client

If a server admin would ask me to do this, I’d be looking for a different
server. This would make users lose so much other data too, they'd be pissed.

> - Can ask all users to manually remove the pinned key from the client

We should make sure this is needed _very_ rarely.

> - Can use 'reverse fingerprinting' where the user can remove an old pinned key by entering the fingerprint of the new certificate.

How are they going to securely obtain the new fingerprint?

> - Backup Key (requires protocol change?)

Yes, this comes back to the point of the proposed XEP: only pin if the server
admin tells you you should pin and when the admin proves they have backup
measures set up. :)

Regards,
Thijs
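
A minimal model of the policy in the last reply above (pin only when the admin advertises pins and shows a backup key exists), added here as an illustration; it is not code from the message or from the proposed XEP. The advertisement format, the `PinStore` class, the hard-fail behaviour on mismatch and the sample keys are assumptions.

```python
import hashlib

# Constructed sample key material; a real client would hash the certificate's SPKI.
PRIMARY, BACKUP, UNKNOWN = b"constructed-primary", b"constructed-backup", b"constructed-unknown"

def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()

class PinStore:
    """Pins a domain only on an explicit advertisement that includes a backup key."""

    def __init__(self):
        self.pins = {}  # domain -> set of accepted key fingerprints

    def advertise(self, domain, presented_key, advertised):
        """Process a (hypothetical) pin advertisement from an already validated session."""
        advertised = set(advertised)
        current = fingerprint(presented_key)
        # No pin unless the key in use is listed AND at least one other key
        # (the backup) is listed, so losing the primary key is recoverable.
        if current not in advertised or not (advertised - {current}):
            return False
        self.pins[domain] = advertised
        return True

    def check(self, domain, presented_key):
        if domain not in self.pins:
            return "unpinned"  # ordinary certificate validation applies
        if fingerprint(presented_key) in self.pins[domain]:
            return "ok"
        return "mismatch"      # assumed policy: hard failure, no user-removable pin

def demo():
    store = PinStore()
    results = []
    # Admin advertises only the current key: refused, domain stays unpinned.
    results.append(store.advertise("example.org", PRIMARY, [fingerprint(PRIMARY)]))
    results.append(store.check("example.org", UNKNOWN))
    # Admin advertises current key plus backup: pin accepted.
    results.append(store.advertise("example.org", PRIMARY,
                                   [fingerprint(PRIMARY), fingerprint(BACKUP)]))
    # Rotation to the backup key passes silently; an unknown key does not.
    results.append(store.check("example.org", BACKUP))
    results.append(store.check("example.org", UNKNOWN))
    return results

if __name__ == "__main__":
    print(demo())
```
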