Re: [xmpp] 3920bis: truth in advertising
Peter Saint-Andre <stpeter@stpeter.im> Mon, 18 October 2010 22:17 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: xmpp@core3.amsl.com
Delivered-To: xmpp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CC58D3A6C0D for <xmpp@core3.amsl.com>; Mon, 18 Oct 2010 15:17:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.563
X-Spam-Level:
X-Spam-Status: No, score=-102.563 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GTxDyMx2vrKE for <xmpp@core3.amsl.com>; Mon, 18 Oct 2010 15:17:53 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 471203A6AB6 for <xmpp@ietf.org>; Mon, 18 Oct 2010 15:17:53 -0700 (PDT)
Received: from squire.local (dsl-179-124.dynamic-dsl.frii.net [216.17.179.124]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 33AD640074; Mon, 18 Oct 2010 16:26:38 -0600 (MDT)
Message-ID: <4CBCC7E9.6060603@stpeter.im>
Date: Mon, 18 Oct 2010 16:19:21 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4
MIME-Version: 1.0
To: "Richard L. Barnes" <rbarnes@bbn.com>
References: <4CBCB948.6030402@stpeter.im> <52ED8365-D0C1-4C2D-BCDC-83F454A40828@bbn.com> <4CBCC45E.7080001@stpeter.im> <43EB8829-33D3-4C86-94B6-92FF5A1B0748@bbn.com>
In-Reply-To: <43EB8829-33D3-4C86-94B6-92FF5A1B0748@bbn.com>
X-Enigmail-Version: 1.1.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms020300050005080008020704"
Cc: XMPP <xmpp@ietf.org>
Subject: Re: [xmpp] 3920bis: truth in advertising
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2010 22:17:54 -0000
Ah, so much is captured in that little word "should". :) But seriously, we could add an informative reference to: http://tools.ietf.org/html/draft-ietf-xmpp-e2e-requirements Which is, itself, expired! But we'll restart that work once we've completed our revisions to 3920/3921, I'd imagine... On 10/18/10 4:10 PM, Richard L. Barnes wrote: > Well, ok, but it still seems like there should be *something* positive > to say :) Maybe you could say what sort of thing would need to be > implemented, e.g., object encryption of stanzas or some sort of secure > channel riding on top of the various XMPP streams. > > > > On Oct 18, 2010, at 6:04 PM, Peter Saint-Andre wrote: > >> Potential solutions? There are so many! In roughly chronological order >> they are: >> >> 1. XEP-0027 >> >> 2. RFC 3923 >> >> 3. Off-The-Record Messaging (not XMPP-specific) >> >> 4. XEP-0116 >> >> 5. xmlenc / xmldsig (supposedly in use but never documented) >> >> 6. draft-meyer-xmpp-e2e-encryption >> >> 7. draft-miller-3923bis >> >> 8. XEP-0285 >> >> I realize that the great thing about standards is that there are so many >> to choose from, but this is getting ridiculous. I'd prefer not to point >> out this embarrassment of failures. :) >> >> On 10/18/10 3:44 PM, Richard L. Barnes wrote: >>> As someone who is scheduled to do a SECDIR review on this document, that >>> makes sense to me. It clearly documents what you do and don't get from >>> the TLS protections in XMPP (in the 3920bis sense). The one thing you >>> might add is pointer(s) to some of the potential solutions, e.g., RFC >>> 3923 or maybe XEP-0285. >>> >>> --Richard >>> >>> >>> On Oct 18, 2010, at 5:16 PM, Peter Saint-Andre wrote: >>> >>>> Something has been nagging at me. In 3920bis we talk about how TLS >>>> helps >>>> to ensure confidentiality and integrity at the stream level, but we >>>> don't mention that per-stream encryption does not ensure end-to-end >>>> protection of stanzas. I think it would be appropriate to call out that >>>> fact so we don't lead people astray (and I would expect the reviewer >>>> from the security directorate to do so anyway, so we might as well be >>>> proactive). Here is proposed text for a new security note that I >>>> suggest >>>> we add to Section 13.4 ("Confidentiality and Integrity"): >>>> >>>> Security Note: The use of TLS in XMPP applies to a single stream. >>>> Because XMPP is typically deployed using a distributed client- >>>> server architecture (as explained under Section 2.5), a stanza >>>> might traverse multiple streams, and not all of those streams >>>> might be TLS-protected. For example, a stanza sent from a client >>>> with a session at one server (e.g., <romeo@example.net/orchard>) >>>> and intended for delivery to a client with a session at another >>>> server (e.g., <juliet@example.com/balcony>) will traverse three >>>> streams: the stream from the sender's client to its server, the >>>> stream from the sender's server to the recipient's server, and the >>>> stream from the recipient's server to the recipient's client. >>>> Furthermore, the stanza will be processed as cleartext within the >>>> sender's server and the recipient's server. Therefore, even if >>>> the stream from the sender's client to its server is protected, >>>> the confidentiality and integrity of a stanza sent over that >>>> protected stream cannot be guaranteed when the stanza is processed >>>> by the sender's server, sent from the sender's server to the >>>> recipient's server, processed by the recipient's server, or sent >>>> from the recipient's server to the recipient's client. Only a >>>> robust technology for end-to-end encryption could ensure the >>>> confidentiality and integrity of a stanza as it traverses all of >>>> the "hops" along a communication path. Unfortunately, the XMPP >>>> community has so far failed to produce an end-to-end encryption >>>> technology that might be suitable for widespread implementation >>>> and deployment, and definition of such a technology is out of >>>> scope for this document. >>>> >>>> /psa >>>>
- [xmpp] 3920bis: truth in advertising Peter Saint-Andre
- Re: [xmpp] 3920bis: truth in advertising Richard L. Barnes
- Re: [xmpp] 3920bis: truth in advertising Peter Saint-Andre
- Re: [xmpp] 3920bis: truth in advertising Richard L. Barnes
- Re: [xmpp] 3920bis: truth in advertising Peter Saint-Andre
- Re: [xmpp] 3920bis: truth in advertising Justin Karneges
- Re: [xmpp] 3920bis: truth in advertising Peter Saint-Andre
- Re: [xmpp] 3920bis: truth in advertising Dave Cridland