Re: [xmpp] New(ish) draft: Secure Messaging in XMPP

[Thijs Alkemade <thijs@xnyhps.nl>]

> On 23 okt. 2015, at 23:18, Adam Roach <adam@nostrum.com> wrote:
> 
> XMPP folks:
> 
> Martin and I put together a proposal for an approach that allows for end-to-end encrypted XMPP conversations, including in the presence of MUC. Although not a completely implementable spec, this should give a good idea about the direction we have in mind:
> 
> https://tools.ietf.org/html/draft-thomson-xmpp-secure-00
> 
> Anyone interested in this work should give it a read and provide feedback. In particular, I'm curious if anyone interested in implementing this kind of thing has requirements can't be addressed with the high-level approach we're describing.
> 
> Thanks!
> 
> /a

Hi Adam,

I've read through the draft, and there are still some things unclear to me.

Forward secrecy is never mentioned. From the design, I can't tell if it was a
requirement. The symmetric key that is generated in §6.2 can be decrypted by
anyone who has a log of all stanzas and the private Diffie-Hellman key of either
party. The symmetric key has a limited lifetime, but that is not enough if the
DH keys do not expire and I don't see the document mention that they do.

The support for offline messaging is also a bit unclear to me. §6.4 suggests
that a client can send a Symmetric Key Advertisement to a client that is
currently offline. But how would the sender obtain the DH public key for the
recipient if that key is advertised using presence (as stated in §6.1)? The
receiving client would also need to wait for the sender to be online to obtain
its DH public key before it can decrypt the key. (And the sender would be unable
to change their DH key until all advertisements have been acknowledged,
destroying forward secrecy.)

To be honest, I think the current OMEMO draft, while not perfect, matches my
requirements a lot better.

Regards,
Thijs