Re: [xmpp] Position Paper on Strengthening XMPP

Philipp Hancke <fippo@goodadvice.pages.de> Thu, 16 January 2014 06:42 UTC

On 15.01.2014 19:49, Peter Saint-Andre wrote:
> I have submitted an initial version of a position paper about
> strengthening XMPP for the W3C/IAB workshop to be held before IETF 89:
>
> http://datatracker.ietf.org/doc/draft-saintandre-strint-workshop-xmpp/
>
> https://www.w3.org/2014/strint/
>
> The document is a bit of a stub, so I would love to receive some
> feedback in the next 48 hours. I'll then submit a revised I-D for
> formal consideration by the workshop committee.


Looks good in general. I think it would make sense to note that XMPP 
does not attempt to hide / protect communication metadata.
That's just the way it is.


There might be some techniques (based on servers adding a from to a 
stanza before sending it out or XEP-0198 acks) to make length-based 
guessing harder by adding a different padding on different streams. But 
I don't expect those to effectively counter any sophisticated attack due 
to lack of randomness.

philipp