Re: [xmpp] End-to-end encryption
Matthew Miller <mamille2@cisco.com> Tue, 29 June 2010 04:28 UTC
On Jun 28, 2010, at 16:28, Ben Campbell wrote:

> [as co-chair]
>
> The XMPP charter has a milestone determining a direction for end-to-end encryption. Matt and Peter submitted draft-miller-3923bis back in March. There's been very little discussion of it since then.
>
> Have people read and understood this draft? If so, do you think this should be the basis for going forward on end-to-end encryption? Note that this doesn't mean we consider the draft perfect as is--just that we think it's a good starting point.

Ben Schumacher and I met in person to talk about some of the things we were discussing on list earlier. The result will be -02, which I hope to get submitted very soon.

The nutshell of the process we came up with is:

1) Generate timestamp

   TS = RFC3339 datetime of (now)

2) UTF8 encode stanza (S). This is necessary for signing

   S' = utf8(S)

3) Create plain envelope; prepare for encryption

   E = <plain xmlns='urn:ietf:params:xml:ns:xmpp-objenc:0'
              timestamp='{TS}'>
         {base64(S')}
       </plain>
   E' = utf8(E)

4) Encrypt with Block Cipher

   R = <cipher session key>
   T = block-encrypt(R, E')
   T' = base64(T)

5) Generate MAC (using T as the salt, R as the message)

   M = mac(T, R)
   M' = base64(M)

6) Protect block cipher session key

   V = pki-encrypt(pub(K), R)
   V' = base64(V)

7) Construct container <e2e/>

   C = <e2e xmlns='urn:ietf:params:xml:ns:xmpp-objenc:0'>
         <key cipher-algo='<PKI cipher algorithm>'>
           {V'}
         </key>
         <data cipher-algo='<block cipher algorithm>'
               mac-algo='<mac algorithm>'
               hash='{M'}'>
           {T'}
         </data>
       </e2e>

8) Construct sending stanza (D); include C as child of D

   D = <message xmlns='jabber:client'
                to='romeo@montegue.net'
                type='chat'>
         <e2e xmlns='urn:ietf:params:xml:ns:xmpp-objenc:0'>
           <key cipher-algo='<PKI cipher algorithm>'>
             {V'}
           </key>
           <data cipher-algo='<block cipher algorithm>'
                 mac-algo='<mac algorithm>'
                 hash='{M'}'>
             {T'}
           </data>
         </e2e>
       </message>

The biggest complaint we had with the above is that XML is serialized/parsed 3 times; but I don't know how we can avoid that unless we ignore signing entirely, which is something we're interested in.

Comments and questions welcome...

- m&m
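The eight steps above, with the matching recipient side, as an added example that is not part of the original message or of draft-miller-3923bis. RSA-OAEP, AES-256-CBC, HMAC-SHA256, the algorithm labels and the IV prepended to T are assumptions (the post leaves the algorithms as placeholders and mentions no IV); `mac(T, R)` is read as an HMAC keyed with T over R, following the post's wording.

```javascript
// Added example, not code from the post. Algorithm choices and labels are assumptions.
const crypto = require('crypto');
const NS = 'urn:ietf:params:xml:ns:xmpp-objenc:0';
const b64 = (buf) => buf.toString('base64');

function seal(stanza, recipientPub, to) {
  const ts = new Date().toISOString();                  // 1) RFC 3339 timestamp TS
  const s = Buffer.from(stanza, 'utf8');                // 2) S' = utf8(S)
  const e = Buffer.from(                                // 3) plain envelope E'
    `<plain xmlns='${NS}' timestamp='${ts}'>${b64(s)}</plain>`, 'utf8');
  const r = crypto.randomBytes(32);                     // 4) session key R
  const iv = crypto.randomBytes(16);                    //    assumption: T = IV || ciphertext
  const enc = crypto.createCipheriv('aes-256-cbc', r, iv);
  const t = Buffer.concat([iv, enc.update(e), enc.final()]);
  const m = crypto.createHmac('sha256', t).update(r).digest(); // 5) M = mac(T, R)
  const v = crypto.publicEncrypt(recipientPub, r);      // 6) V; OAEP is Node's default padding
  const c = `<e2e xmlns='${NS}'><key cipher-algo='rsa-oaep'>${b64(v)}</key>` + // 7) C
    `<data cipher-algo='aes-256-cbc' mac-algo='hmac-sha256' hash='${b64(m)}'>${b64(t)}</data></e2e>`;
  return `<message xmlns='jabber:client' to='${to}' type='chat'>${c}</message>`; // 8) D
}

function unseal(xml, recipientPriv) {
  // Regex extraction only suits the output of seal(); a client would use an XML parser.
  const v = Buffer.from(/<key[^>]*>([^<]+)<\/key>/.exec(xml)[1], 'base64');
  const [, mB64, tB64] = /<data[^>]*hash='([^']+)'>([^<]+)<\/data>/.exec(xml);
  const t = Buffer.from(tB64, 'base64');
  const claimed = Buffer.from(mB64, 'base64');
  const r = crypto.privateDecrypt(recipientPriv, v);    // recover R
  const m = crypto.createHmac('sha256', t).update(r).digest();
  // Check the MAC before touching the ciphertext, so altered data is never decrypted.
  if (claimed.length !== m.length || !crypto.timingSafeEqual(m, claimed)) {
    throw new Error('MAC mismatch');
  }
  const dec = crypto.createDecipheriv('aes-256-cbc', r, t.subarray(0, 16));
  const e = Buffer.concat([dec.update(t.subarray(16)), dec.final()]).toString('utf8');
  const [, ts, sB64] = /timestamp='([^']+)'>([^<]+)<\/plain>/.exec(e);
  return { timestamp: ts, stanza: Buffer.from(sB64, 'base64').toString('utf8') };
}

// Constructed sample: a throwaway key pair and stanza, round-tripped locally.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoStanza = "<message to='romeo@montegue.net' type='chat'><body>constructed sample</body></message>";
const demoWire = seal(demoStanza, demoKeys.publicKey, 'romeo@montegue.net');
console.log(unseal(demoWire, demoKeys.privateKey));
```

The MAC here only binds T to R for whoever holds the recipient's private key; it does not identify the sender, which is the signing question the message leaves open.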