IETF Logo Mail Archive

Re: [xmpp] Self Introduction

"Matt Miller (mamille2)" <mamille2@cisco.com> Wed, 27 February 2013 19:11 UTC

Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 242DD21F8930 for <xmpp@ietfa.amsl.com>; Wed, 27 Feb 2013 11:11:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FkXmDICavcMl for <xmpp@ietfa.amsl.com>; Wed, 27 Feb 2013 11:11:23 -0800 (PST)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id 7BF1921F8611 for <xmpp@ietf.org>; Wed, 27 Feb 2013 11:11:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7999; q=dns/txt; s=iport; t=1361992283; x=1363201883; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=4ckXwPu8euyhjIIBYR9ZObbE0JUT4GAS9o4c57QaQ2w=; b=X8/CEoAMKQIn7/m4QEJsnQ/2UDp6mnpwTiD1RvSIP9+KBaL29xVUWI6D KUcemicchjy6w6zeErKKSWSqFMV5S27/IyWAPA8corQiYVxU1WqgltG19 ePJHHdusXSnj2oN1l25+lAY1aNA6suO/jGay2V+X0MioB1/pyRRot4bQM E=;
X-Files: smime.p7s : 2283
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAB9ZLlGtJXG8/2dsb2JhbABFwiZ9FnOCHwEBAQMBAQEBaAMLBQsCAQgOFCQCJQslAgQOBQgGh38GDMINjVOBEDECBYJfYQOPJoEmhxOPTIMIgXI1
X-IronPort-AV: E=Sophos; i="4.84,750,1355097600"; d="p7s'?scan'208"; a="178892622"
Received: from rcdn-core2-1.cisco.com ([173.37.113.188]) by rcdn-iport-9.cisco.com with ESMTP; 27 Feb 2013 19:11:23 +0000
Received: from xhc-aln-x02.cisco.com (xhc-aln-x02.cisco.com [173.36.12.76]) by rcdn-core2-1.cisco.com (8.14.5/8.14.5) with ESMTP id r1RJBMNS028765 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 27 Feb 2013 19:11:22 GMT
Received: from xmb-aln-x11.cisco.com ([169.254.6.203]) by xhc-aln-x02.cisco.com ([173.36.12.76]) with mapi id 14.02.0318.004; Wed, 27 Feb 2013 13:11:22 -0600
From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: Jon Kristensen <info@jonkri.com>
Thread-Topic: [xmpp] Self Introduction
Thread-Index: AQHOFC6MLgMtxyNBOkuDluRd7596QJiOeK0A
Date: Wed, 27 Feb 2013 19:11:22 +0000
Message-ID: <BF7E36B9C495A6468E8EC573603ED94115152F36@xmb-aln-x11.cisco.com>
References: <512CC832.1060702@jonkri.com>
In-Reply-To: <512CC832.1060702@jonkri.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.129.24.86]
Content-Type: multipart/signed; boundary="Apple-Mail=_C8E3701B-C37C-4514-B1CD-42402B2720F2"; protocol="application/pkcs7-signature"; micalg="sha1"
MIME-Version: 1.0
Cc: "<xmpp@ietf.org>" <xmpp@ietf.org>
Subject: Re: [xmpp] Self Introduction
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2013 19:11:25 -0000

[ "switching" venue for wider security review ]
[ context for XMPP WG: http://mail.jabber.org/pipermail/standards/2013-February/027167.html ]

Hello Jon,

I find this work interesting, but I also have some concerns here.  I don't expect definitive answers to all of them, but think they're worth discussion to help the working group choose a path forward.

I think there is an additional application requirement concern regarding multiple resources.  The XSF has technologies in development to multiplex chat conversations, namely [CARBONS].  I'm not sure that E2E-REQ calls it out, but it will be an important consideration for the very near term.  I'm curious how yabasta can accommodate things like carbons without in a user-transparent manner.

from your response on standards@xmpp.org, an effective fork of OTR doesn't exactly meet the (existing) XMPP WG charter requirement.  I'm not saying that's necessarily bad, but it is something to consider as we move forward.  Not that I have much moral authority here with [XMPP-E2E] (-;  However, my draft is based on a technology with a lot of momentum behind it, so it is likely to be "widely deployed and implemented" by the time we get completely done.

One of the big detractions from RFC3923 was the multiple paths followed.  It looks like this duplicates that, and not in a necessarily better route.  Various other attempts at this space have tried to deal with a single path (whole stanzas) to eliminate the complexity.  It is nice there is an existing implementation, but is there enough value in multiple paths to continue down that road?

I have some concerns that there are a lot of cryptographic primitives here, and it doesn't look very negotiable for those primitives.  I'm hesitant to have this much specialized work happen in a group that does not have the expertise.  Would it be possible (and worthwhile) to separate this more, and possibly push the primitives through the security area?

Finally, given your original post, seeing the word "forgeability" as a feature makes me personally very nervous.  I don't claim to be an expert, or much more than a erstwhile enthusiast, but I have a hard time seeing this being a good idea in general.


- m&m

Matt Miller < mamille2@cisco.com >
Cisco Systems, Inc.

[CARBONS] XEP-0280: Message Carbons < http://xmpp.org/extensions/xep-0280.html >
[XMPP-E2E] End-to-End Object Encryption and Signatures for the Extensible Messaging and Presence Protocol (XMPP) < http://tools.ietf.org/html/draft-miller-xmpp-e2e-05 >

On Feb 26, 2013, at 7:35 AM, Jon Kristensen <info@jonkri.com> wrote:

> Hello, everyone!
> 
> I would like to briefly introduce myself to the members of this mailing list, and to inform you of my interest of contributing to the standardization of the use of the Off-the-Record protocol with XMPP.
> 
> My relevant past experience includes being one of the co-authors of Pontarius XMPP[1], a client XMPP library for Haskell, as well as the prototyping of a OTR-based (but (so far) OTR-incompatible) JavaScript application currently called Yabasta[2].
> 
> In the process of prototyping Yabasta, I have "designed" an OTR-like protocol[3] that, while based on OTR, differs from OTR in a number of ways. Most importantly, the OTR messages (be it the authenticated key exchange, the protected payloads, or the Socialist Millionaire's Protocol) are expressed with XML instead of with a binary encoding. Also, the prime numbers used are negotiatable, and any XML payloads can be protected (not just message bodies). (I never meant to go "Not invented here" in regards to OTR: my intention was simply to make the protocol easier to understand and to implement, more flexible, and better suitable for XMPP. However, I have since then that straying so far from OTR might not have been the best idea.)
> 
> Please don't hesitate to contact me if you are working on anything related to the above, or if you have any other questions or concerns.
> 
> Warm regards,
> Jon Kristensen
> 
> [1]: http://hackage.haskell.org/package/pontarius-xmpp/
> [2]: https://yabasta.com/
> [3]: https://github.com/jonkri/yabasta-protocol/
> _______________________________________________
> xmpp mailing list
> xmpp@ietf.org
> https://www.ietf.org/mailman/listinfo/xmpp

v2.23.0 | Report a Bug | By Email