Re: [xmpp] End-to-end encryption

Matthew Miller <mamille2@cisco.com> Tue, 29 June 2010 04:28 UTC

From: Matthew Miller <mamille2@cisco.com>
In-Reply-To: <F9B2FC77-1366-48DA-A1E5-154606E6C6DD@nostrum.com>
Date: Mon, 28 Jun 2010 22:19:17 -0600
Message-Id: <E75564B2-0E9F-480A-BDC6-0FD9662582BC@cisco.com>
References: <F9B2FC77-1366-48DA-A1E5-154606E6C6DD@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] End-to-end encryption
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>

On Jun 28, 2010, at 16:28, Ben Campbell wrote:

> [as co-chair]
> 
> The XMPP charter has a milestone determining a direction for end-to-end encryption. Matt and Peter submitted draft-miller-3923bis back in March. There's been very little discussion of it since then.
> 
> Have people read and understood this draft? If so, do you think this should be the basis for going forward on end-to-end encryption? Note that this doesn't mean we consider the draft perfect as is--just that we think it's a good starting point.

Ben Schumacher and I met in person to talk about some of the things we were discussing on list earlier.  The result will be -02, which I hope to get submitted very soon.  The nutshell of the process we came up with is:

1) Generate timestamp
TS = RFC3339 datetime of (now)

2) UTF8 encode stanza (S).  This is necessary for signing
S' = utf8(S)

3) Create plain envelope; prepare for encryption
E = <plain xmlns='urn:ietf:params:xml:ns:xmpp-objenc:0'
          timestamp='{TS}'>
     {base64(S')}
   </plain>
E' = utf8(E)

4) Encrypt with Block Cipher
R = <cipher session key>
T = block-encrypt(R, E')
T' = base64(T)

5) Generate MAC (using T as the salt, R as the message)
M = mac(T, R)
M' = base64(M)

6) Protect block cipher session key
V = pki-encrypt(pub(K), R)
V' = base64(V)

7) Construct container <e2e/>
C = <e2e xmlns='urn:ietf:params:xml:ns:xmpp-objenc:0'>
     <key cipher-algo='<PKI cipher algorithm>'>
       {V'}
     </key>
     <data cipher-algo='<block cipher algorithm>'
           mac-algo='<mac algorithm>'
           hash='{M'}'>
       {T'}
     </data>
   </e2e>

8) Construct sending stanza (D); include C as child of D 
D = <message xmlns='jabber:client'
            to='romeo@montegue.net'
            type='chat'>
     <e2e xmlns='urn:ietf:params:xml:ns:xmpp-objenc:0'>
       <key cipher-algo='<PKI cipher algorithm>'>
         {V'}
       </key>
       <data cipher-algo='<block cipher algorithm>'
             mac-algo='<mac algorithm>'
             hash='{M'}'>
         {T'}
       </data>
     </e2e>
   </message>

The biggest complaint we had with the above is that XML is serialized/parsed 3 times; but I don't know how we can avoid that unless we ignore signing entirely, which is something we're interested in.

Comments and questions welcome...


- m&m
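The eight steps above, carried through end to end. This is an added example, not code from Matthew's message or from draft-miller-3923bis, and it uses only the Go standard library. Everything the message leaves open is an assumption here: the cipher suite (AES-256 in CTR mode, HMAC-SHA256, RSA-OAEP), a random IV carried as the first block of T, a 32-byte session key R, and the algorithm labels put in the cipher-algo and mac-algo attributes. Step 5 is computed exactly as the message states it, with T as the HMAC key and R as the MAC input. The stanza S in main is constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
	"time"
)

// Plain is the step-3 envelope E: base64(utf8(S)) under an RFC 3339 timestamp.
type Plain struct {
	XMLName   xml.Name `xml:"urn:ietf:params:xml:ns:xmpp-objenc:0 plain"`
	Timestamp string   `xml:"timestamp,attr"`
	Body      string   `xml:",chardata"`
}
// part is one child of <e2e/>: <key/> carries V', <data/> carries T' and M' (the hash= attribute).
type part struct {
	CipherAlgo string `xml:"cipher-algo,attr"`
	MacAlgo    string `xml:"mac-algo,attr,omitempty"`
	Hash       string `xml:"hash,attr,omitempty"`
	Value      string `xml:",chardata"`
}
// E2E is the step-7 container C; step 8 nests it as a child of the outer stanza D.
type E2E struct {
	XMLName xml.Name `xml:"urn:ietf:params:xml:ns:xmpp-objenc:0 e2e"`
	Key     part     `xml:"key"`
	Data    part     `xml:"data"`
}
// tag is step 5 exactly as the message states it: T is the HMAC key, R is the MAC input.
func tag(T, R []byte) []byte {
	m := hmac.New(sha256.New, T)
	m.Write(R)
	return m.Sum(nil)
}

// Seal runs steps 1-7 on stanza S. Assumed suite (the message names none): AES-256-CTR, HMAC-SHA256, RSA-OAEP.
func Seal(stanza string, pub *rsa.PublicKey) (*E2E, error) {
	env, err := xml.Marshal(Plain{ // steps 1-3: E' = utf8(E)
		Timestamp: time.Now().UTC().Format(time.RFC3339),
		Body:      base64.StdEncoding.EncodeToString([]byte(stanza)),
	})
	rnd := make([]byte, 32+aes.BlockSize) // step 4: session key R (32 bytes) followed by the IV (assumption)
	if _, rerr := rand.Read(rnd); err != nil || rerr != nil {
		return nil, errors.Join(err, rerr)
	}
	R, T := rnd[:32], make([]byte, aes.BlockSize+len(env)) // T = IV || CTR(R, IV, E')
	blk, _ := aes.NewCipher(R)                              // cannot fail for a 32-byte key
	cipher.NewCTR(blk, rnd[32:]).XORKeyStream(T[aes.BlockSize:], env)
	copy(T, rnd[32:])
	V, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, R, nil) // step 6: V = pki-encrypt(pub(K), R)
	if err != nil {
		return nil, err
	}
	return &E2E{ // step 7; the step-5 MAC is taken over the final T, IV included
		Key:  part{CipherAlgo: "RSA-OAEP", Value: base64.StdEncoding.EncodeToString(V)},
		Data: part{CipherAlgo: "AES-256-CTR", MacAlgo: "HMAC-SHA256", Hash: base64.StdEncoding.EncodeToString(tag(T, R)), Value: base64.StdEncoding.EncodeToString(T)},
	}, nil
}

// Open reverses Seal: recover R, verify M before touching the ciphertext, then unwrap S and TS.
func Open(c *E2E, priv *rsa.PrivateKey) (stanza, ts string, err error) {
	V, e1 := base64.StdEncoding.DecodeString(c.Key.Value)
	T, e2 := base64.StdEncoding.DecodeString(c.Data.Value)
	M, e3 := base64.StdEncoding.DecodeString(c.Data.Hash)
	if err = errors.Join(e1, e2, e3); err != nil {
		return
	}
	R, err := rsa.DecryptOAEP(sha256.New(), nil, priv, V, nil)
	if err != nil {
		return
	}
	if len(R) != 32 || len(T) < aes.BlockSize || !hmac.Equal(tag(T, R), M) {
		return "", "", errors.New("rejected: MAC mismatch or malformed <key/>/<data/>")
	}
	blk, _ := aes.NewCipher(R) // R is 32 bytes, checked above
	pt := make([]byte, len(T)-aes.BlockSize)
	cipher.NewCTR(blk, T[:aes.BlockSize]).XORKeyStream(pt, T[aes.BlockSize:])
	var p Plain
	if err = xml.Unmarshal(pt, &p); err != nil { // only authenticated bytes reach the XML parser
		return
	}
	s, err := base64.StdEncoding.DecodeString(p.Body)
	return string(s), p.Timestamp, err
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // the recipient's long-term key K
	c, err := Seal("<message xmlns='jabber:client'><body>constructed sample</body></message>", &priv.PublicKey)
	if err != nil {
		panic(err)
	}
	d, _ := xml.MarshalIndent(c, "", "  ") // C, ready to be nested in D (step 8)
	fmt.Println(string(d))
	fmt.Println(Open(c, priv))
}
```

Open checks M before it decrypts T and before any XML is parsed, so a container whose <data/> or <key/> has been altered, or one whose <data/> was lifted from a different container, is dropped without the parser ever seeing attacker-controlled bytes. Because Go's encoding/xml re-serialises the <plain/> envelope and then the <e2e/> container (and the caller's D around that), the example also makes visible the triple serialise/parse that the message complains about.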