Re: [xmpp] Problems with draft-miller-xmpp-e2e [WAS: [Standards] Updated Yabasta Protocol (E2E-related)]

Jon Kristensen <info@jonkri.com> Sun, 14 July 2013 17:09 UTC

Date: Sun, 14 Jul 2013 19:09:11 +0200
From: Jon Kristensen <info@jonkri.com>
To: "Matt Miller (mamille2)" <mamille2@cisco.com>
Cc: Peter Waher <Peter.Waher@clayster.com>, "<xmpp@ietf.org> Group" <xmpp@ietf.org>

Hi, Matt!

I see. Thank you for your clarifications. I'm really glad that you're
open to look into meeting these (to me, very important) requirements.
PFS, repudiability, and anonymity (preferably strong) are "MUST"
requirements for the system that I'm building, and that's why I'm
developing the Yabasta protocol.

Unfortunately, as I'm quite busy with other matters, I don't think
that I will be able to contribute much to your draft, at least not
during the summer. I will not be able to travel to Berlin during those
days, either. :-( However, I will be following this mailing-list for
further developments of your drafts, and I hope that I will find the
time to review any suggestions related to the above.

Good luck!

Jon

On Thu, 11 Jul 2013 13:20:51 +0000
"Matt Miller (mamille2)" <mamille2@cisco.com> wrote:

> Hello Jon,
> 
> >> -----Original Message-----
> >> From: Jon Kristensen [mailto:info@jonkri.com] 
> >> Sent: 27 June 2013 15:30
> >> To: Peter Waher
> >> Cc: XMPP Standards
> >> Subject: Re: [Standards] Updated Yabasta Protocol (E2E-related)
> >> 
> >> Hi Peter, and thank you for your response!
> >> 
> >> These are the problems of the draft as I understand it.
> >> 
> >> It does not offer perfect forward secrecy, as the compromise of a
> >> private key would unlock all of the session keys protected by the
> >> corresponding public key.
> >> 
> 
> We talked about this on this list, and agreed that some form of
> "pure" DH agreement would be a way to address this, as well as remove
> the requirement for RSA keys.  I've been spending more energy on
> other tasks, and haven't had the time to work this out for myself.
> 
> As stated previously, suggested texts for draft-miller-xmpp-e2e are
> welcome.  If you can be in Berlin between 07/26 and 08/02, we can
> even sit down and hash something out face-to-face!
> 
> >> It also does not allow for anonymity (neither weak nor strong), as
> >> the public key is being sent in the clear.
> >> 
> 
> See above.
> 
> >> A Diffie-Hellman key exchange request model could be used to
> >> tackle these problems, provided that two levels of <keyreq />
> >> requests can be used. I don't know if this is part of the intended
> >> usage of the draft, or whether or not it would actually work. It
> >> would be great to see, though! Has any work been done to
> >> accommodate this feature?
> >> 
> 
> See above.
> 
> >> I'm also a little concerned about the fact that the public key is
> >> used to protect the session keys from a deniability perspective,
> >> but I haven't really thought that through enough yet. Maybe it's
> >> nothing...
> >> 
> 
> I don't have empirical evidence to back this up, but there seem to
> be at least as many people that want non-repudiation as
> there are people that want deniability.  While the two are mutually
> exclusive, I don't think it means it can't be done.
> 
> The draft uses JWK objects for keys.  As long as you can represent
> the DH agreement as a JWK, I don't see why you couldn't use that
> instead of an RSA public/private key pair.
> 
> 
> - m&m
> 
> Matt Miller < mamille2@cisco.com >
> Cisco Systems, Inc.
>
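
The thread's two technical points (a "pure" DH agreement in place of RSA-protected session keys, and carrying the DH key as a JWK) can be seen together in the following added example, which is not code from draft-miller-xmpp-e2e, the Yabasta protocol, or either author. It assumes X25519 with the "OKP" JWK key type and HKDF-SHA-256 for key derivation; the function names and context string are hypothetical, and the exchange is unauthenticated.

```javascript
// Added illustration; not from draft-miller-xmpp-e2e or the Yabasta protocol.
const crypto = require('node:crypto');

// Each side creates a fresh X25519 key pair per session and publishes only
// the public half, serialized as a JWK (kty "OKP", crv "X25519").
function newEphemeral() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { privateKey, publicJwk: publicKey.export({ format: 'jwk' }) };
}

// Import the peer's public JWK, run the DH agreement, and derive a 256-bit
// session key with HKDF. A JWK carrying the private member "d" is rejected.
function deriveSessionKey(myPrivateKey, peerJwk, context) {
  if (peerJwk.kty !== 'OKP' || peerJwk.crv !== 'X25519' || 'd' in peerJwk) {
    throw new Error('expected a public X25519 JWK');
  }
  const peerKey = crypto.createPublicKey({ key: peerJwk, format: 'jwk' });
  const shared = crypto.diffieHellman({
    privateKey: myPrivateKey,
    publicKey: peerKey,
  });
  const okm = crypto.hkdfSync(
    'sha256', shared, Buffer.alloc(0), Buffer.from(context), 32);
  return Buffer.from(okm).toString('hex');
}

// One complete session between two parties. The ephemeral private keys are
// local to this function and are never stored, so no long-term private key
// exists whose later compromise would recover this session key.
function runSession(context) {
  const a = newEphemeral();
  const b = newEphemeral();
  const keyA = deriveSessionKey(a.privateKey, b.publicJwk, context);
  const keyB = deriveSessionKey(b.privateKey, a.publicJwk, context);
  return { keyA, keyB, offeredJwk: a.publicJwk };
}
```

Because every session uses new key pairs, two sessions with the same context string still produce unrelated session keys.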