IETF Logo Mail Archive

Re: [xmpp] Clarification of TLS Identity checking in draft-ietf-xmpp-3920bis

Stef Walter <stefw@collabora.co.uk> Wed, 16 March 2011 09:38 UTC

Return-Path: <stefw@collabora.co.uk>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9ADAF3A68C9 for <xmpp@core3.amsl.com>; Wed, 16 Mar 2011 02:38:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.298
X-Spam-Level:
X-Spam-Status: No, score=-2.298 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_83=0.6, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nYWPm8gjih0J for <xmpp@core3.amsl.com>; Wed, 16 Mar 2011 02:38:36 -0700 (PDT)
Received: from bhuna.collabora.co.uk (bhuna.collabora.co.uk [93.93.128.226]) by core3.amsl.com (Postfix) with ESMTP id 414E23A68C4 for <xmpp@ietf.org>; Wed, 16 Mar 2011 02:38:36 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: stefw) with ESMTPSA id 848FB6030E4
Message-ID: <4D808570.20405@collabora.co.uk>
Date: Wed, 16 Mar 2011 10:40:00 +0100
From: Stef Walter <stefw@collabora.co.uk>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14) Gecko/20110223 Thunderbird/3.1.8
MIME-Version: 1.0
To: Peter Saint-Andre <stpeter@stpeter.im>
References: <C9A3FBEC.4D471%joe.hildebrand@webex.com> <4D7EA297.1020304@babelmonkeys.de> <4D7ED1C8.4050201@stpeter.im>
In-Reply-To: <4D7ED1C8.4050201@stpeter.im>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: xmpp@ietf.org
Subject: Re: [xmpp] Clarification of TLS Identity checking in draft-ietf-xmpp-3920bis
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2011 09:38:37 -0000

Hmmm, thunderbird hid this thread inside of an unrelated one :/

On 03/15/2011 03:41 AM, Peter Saint-Andre wrote:
> So yes, it is true that in some circumstances a user might configure his
> IM client with two things:
> 
> 1. The domain name of the application service, which is the domainpart
> of his JID, such as romeo@montague.lit => montague.lit; this is the
> "source domain".
> 
> 2. A "hardcoded" hostname that he has explicitly assocated with the
> domainpart of your JID, such as apps.shakespeare.lit; this is the
> "target domain".
> 
> However, for the purposes of checking the identity of the application
> service when connecting via TLS, Romeo's client would check to see that
> the service presents a certificate that says it is "montague.lit"
> (unless he overrides the checks or explicitly approve of connecting to
> "apps.shakesepeare.lit").
> 
> Please understand that 99% of users will never see such a configuration
> option and that they don't know anything about apps.shakespeare.lit or
> some special hostname that they're connecting to -- all that they know
> is that they're trying to connect to montague.lit (if they even know
> this, because lots of people just think that they're trying to connect
> to "Shakespeare" or even "that IM thing" -- if you doubt it, I recommend
> that you run your own public IM service, because it can be quite
> enlightening).

Sadly this isn't a corner case. It's the case with widely deployed XMPP
systems such as Google talk, which uses virtual hosting extensively as
part of google apps. And it seems that many XMPP clients take a
"hardcoded" or configured hostname into account when verifying the
certificate.

The Google Talk certificate does not contain the domainpart of the JID
at all, and contains the "hardcoded" hostname instead. In this setup
there are tens of thousands of different XMPP domains all using the same
certificate.

This may seem strange, broken or annoying but represents a massive
deployment. So it turns out that far more users than you might expect
will see such a configuration option, and will see these certificate
warnings.

>From a security perspective the hardcoded or configured hostname is user
input and can be used in identity checks. So client app developers have
two options:

 * Throwing up a "cop out" certificate dialog and tossing the entire
   security decision in the lap of the user.

 * Using all the user's input (not just the JID) to generate reference
   identifiers to use to verify the certificate.

If these were corner cases, and 99% of users would never run into this,
then I'd tend to agree with you, but this is a widely deployed
configuration on virtually hosted XMPP servers.

Cheers,

Stef

v2.23.0 | Report a Bug | By Email