IETF Logo Mail Archive

Re: [xmpp] Self Introduction

Jon Kristensen <info@jonkri.com> Wed, 27 February 2013 23:20 UTC

Return-Path: <jon.kristensen@nejla.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2870321F8845 for <xmpp@ietfa.amsl.com>; Wed, 27 Feb 2013 15:20:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.167
X-Spam-Level:
X-Spam-Status: No, score=0.167 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_LH_LD=1.215, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wPUZItXB4uKp for <xmpp@ietfa.amsl.com>; Wed, 27 Feb 2013 15:20:06 -0800 (PST)
Received: from mail-la0-x22a.google.com (mail-la0-x22a.google.com [IPv6:2a00:1450:4010:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id C4D9A21F874E for <xmpp@ietf.org>; Wed, 27 Feb 2013 15:20:05 -0800 (PST)
Received: by mail-la0-f42.google.com with SMTP id fe20so1172022lab.1 for <xmpp@ietf.org>; Wed, 27 Feb 2013 15:20:04 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding:x-gm-message-state; bh=l6R1tDti9LQeJ+qHniOhpOAjGrGwiSnSvk82hg/i+y0=; b=fPZk0u2/xv+imNa8mWy5Fd2ngum2HgLZJXE5K/V5OJ5GJgxXWnq2pkjSF2ggQ9gPO2 0mvpzLBMOR0WKscoc6rCbvBjuL7XJRLP0GQm8LJWYEJxBF1q3t6JX0RHzvOWtzR3XIDa 2K+DOazI5xlRhFtMUZ3Jp+GATtOA/ifmKYDjQCh/Y63pUdZsGzwubURbnZJ5AuFNdXVB bsLR+4JuXV+5WH4+ptPKPZx11s5HXjmWcwlIVK5QonwOSI/rdXA9P3usKUY+13cvlYBb 6+2IvbGvEdAVywjLrJMqyG6JUEVDFc+14ONS3/7ABxL5gvBF2Aouem23/iAhY2RldiS4 w1sA==
X-Received: by 10.112.26.33 with SMTP id i1mr2797524lbg.96.1362007204331; Wed, 27 Feb 2013 15:20:04 -0800 (PST)
Received: from localhost.localdomain ([94.234.185.66]) by mx.google.com with ESMTPS id k15sm2274218lbd.6.2013.02.27.15.20.03 (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 27 Feb 2013 15:20:03 -0800 (PST)
Message-ID: <512E94A2.8000900@jonkri.com>
Date: Thu, 28 Feb 2013 00:20:02 +0100
From: Jon Kristensen <info@jonkri.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130219 Thunderbird/17.0.3
MIME-Version: 1.0
To: Richard Barnes <rlb@ipv.sx>
References: <512CC832.1060702@jonkri.com> <CAL02cgSZ0kp2Ou750cVVDJxV_7t0DNsB+wBH_D2V8RsvF1DZiw@mail.gmail.com>
In-Reply-To: <CAL02cgSZ0kp2Ou750cVVDJxV_7t0DNsB+wBH_D2V8RsvF1DZiw@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Gm-Message-State: ALoCoQl5sXrv6yt0bBXjvrh4IjygOnEhJ01sjqhYmGIm2lW6TJsc5/38BqRd5XjGLMJxCC6Ruyzp
Cc: xmpp@ietf.org
Subject: Re: [xmpp] Self Introduction
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2013 23:23:30 -0000

Hi Richard, and thank you for your question!

I may be wrong - I only skimmed through it, but the way I understand 
that specification, it's using public-key cryptography is used to 
encrypt and decrypt the messages. If this is the case, it would mean 
that the protocol does not offer repudiability; if Alice sends a message 
to Bob, Bob can prove that Alice (or, at least, someone with access to 
Alice's private key) has authored a message. In most off-the-record 
conversations, this would not be desirable. What OTR does is negotiates 
a shared secret (symmetric key), which is then used to encrypt and 
decrypt the messages. What this means is that Bob, having access to the 
encryption key, could have just as easily produced the message. Hence, 
Alice can deny that she authored the message in the first place.

Furthermore, the negotiation of a shared secret is continuously repeated 
in OTR in order to allow for forward secrecy. This prevents previous 
session keys from being compromised if the (long-term) private key 
happens to get compromised. I think this is another important security 
feature to keep in mind.

Best,
Jon Kristensen

On 02/27/2013 07:30 PM, Richard Barnes wrote:
> Any comments on draft-miller-xmpp-e2e?
> <http://tools.ietf.org/html/draft-miller-xmpp-e2e>

v2.23.0 | Report a Bug | By Email