IETF Logo Mail Archive

Re: [apps-discuss] Webfinger discussion

Peter Saint-Andre <stpeter@stpeter.im> Mon, 26 March 2012 22:30 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44F5121E801F for <apps-discuss@ietfa.amsl.com>; Mon, 26 Mar 2012 15:30:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.583
X-Spam-Level:
X-Spam-Status: No, score=-102.583 tagged_above=-999 required=5 tests=[AWL=0.016, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7S8JOrVNirRk for <apps-discuss@ietfa.amsl.com>; Mon, 26 Mar 2012 15:30:42 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 94C3A21E8012 for <apps-discuss@ietf.org>; Mon, 26 Mar 2012 15:30:42 -0700 (PDT)
Received: from squire.lan (unknown [82.66.240.205]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 00F3A40058; Mon, 26 Mar 2012 16:43:42 -0600 (MDT)
Message-ID: <4F70EE0F.8090706@stpeter.im>
Date: Tue, 27 Mar 2012 00:30:39 +0200
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:11.0) Gecko/20120313 Thunderbird/11.0
MIME-Version: 1.0
To: Bob Wyman <bob@wyman.us>
References: <053201cd0b5d$c08c80f0$41a582d0$@packetizer.com> <20120326150556.GC3557@mail.yitter.info> <CAA1s49V0M7N1pLua+ORxGWmsrd_yAA_KQ0Piqjg8VuWJ5=G+Lg@mail.gmail.com>
In-Reply-To: <CAA1s49V0M7N1pLua+ORxGWmsrd_yAA_KQ0Piqjg8VuWJ5=G+Lg@mail.gmail.com>
X-Enigmail-Version: 1.4
OpenPGP: url=https://stpeter.im/stpeter.asc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] Webfinger discussion
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Mar 2012 22:30:43 -0000

On 3/26/12 8:31 PM, Bob Wyman wrote:
> 
> 
> On Mon, Mar 26, 2012 at 11:05 AM, Andrew Sullivan
> <ajs@anvilwalrusden.com <mailto:ajs@anvilwalrusden.com>> wrote:
> 
>     On Mon, Mar 26, 2012 at 10:35:54AM -0400, Paul E. Jones wrote:
> 
>     > > Andrew Sullivan: when I was a kid, they told us to turn off
>     finger, so I'm
>     > > concerned about security
>     >
>     > That was due to the fact the finger protocol implementations had
>     security
>     > holes.  It was also possible to do things like "ln /etc/password
>     .plan" and
>     > that was a bad thing :-)
> 
>     That wasn't the only reason they told us this.  One of the things that
>     people used to worry about was that finger leaked information.  In
>     particular, it was an excellent way to identify targets for account
>     takeover: people who never logged in, and people who were in for
>     endless days and therefore whose account was probably often
>     unmonitored.
> 
> WebFinger has primarily been used for providing access to relatively
> static data rather than for the kind of dynamic "presence" information
> that finger was often used for. Thus, when folk are thinking about
> WebFinger, they are usually considering use cases like "locating a
> user's blog," or "finding a user's public key." However, there isn't
> anything in WebFinger that would prevent providing dynamic data such as
> "current location (lat/long)," "logged in state," or even "last command
> issued to bash..." (highly un-recommended!). If people did, in fact, use
> WebFinger to record such stuff, the concerns you mentioned would be
> relevant. Thus, it might make sense for the Security Considerations
> section to suggest that one should think carefully before using
> WebFinger to provide such dynamic information.

We already have protocols for such dynamic publish/subscribe features
(and those protocols include ways to authorize who can see what).
Webfinger might provide pointers to locations where one could subscribe
to dynamic data, but AFAIK it would not be used to pull the data.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

v2.23.0 | Report a Bug | By Email