Re: [xmpp] Problems with draft-miller-xmpp-e2e [WAS: [Standards] Updated Yabasta Protocol (E2E-related)]
"Matt Miller (mamille2)" <mamille2@cisco.com> Thu, 11 July 2013 13:20 UTC
Return-Path: <mamille2@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35A1521F9C11 for <xmpp@ietfa.amsl.com>; Thu, 11 Jul 2013 06:20:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y-bHrxiPHwt2 for <xmpp@ietfa.amsl.com>; Thu, 11 Jul 2013 06:20:53 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id 2839D21F9C05 for <xmpp@ietf.org>; Thu, 11 Jul 2013 06:20:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8348; q=dns/txt; s=iport; t=1373548852; x=1374758452; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=UVqliQ7R5jjy5k+wYZlRKvNwjTTCOh2gbQEnXAooK8E=; b=EbshjEy3nvqp1n+iFDq1FxFwSdbJhGjiY89Iz8Y0pemmoPRKJR933f9x pf6hhys/CGlFMBJ7S8hCbucMOV/I2fHT6gja9f7z8400dIOa5Z1O6GjUd 8vJ+lRDqINZA7RnFBUJyHZQ5ZQQ3TqXisJq7Srh6ysx0RwkryNhfmzSyA c=;
X-Files: smime.p7s : 4136
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgsFAJid3lGtJV2Y/2dsb2JhbABagwl/wVCBBhZ0giMBAQEDAXkMBAIBCBEEAQELHQcCMBQJCAIEDgUIBod7BrdAjzAxBwaDA2wDkA6BLZdpgViBOYIo
X-IronPort-AV: E=Sophos; i="4.87,1043,1363132800"; d="p7s'?scan'208"; a="233558377"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-5.cisco.com with ESMTP; 11 Jul 2013 13:20:51 +0000
Received: from xhc-rcd-x09.cisco.com (xhc-rcd-x09.cisco.com [173.37.183.83]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id r6BDKp5Y015436 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 11 Jul 2013 13:20:51 GMT
Received: from xmb-aln-x11.cisco.com ([169.254.6.51]) by xhc-rcd-x09.cisco.com ([173.37.183.83]) with mapi id 14.02.0318.004; Thu, 11 Jul 2013 08:20:51 -0500
From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: "<xmpp@ietf.org> Group" <xmpp@ietf.org>
Thread-Topic: Problems with draft-miller-xmpp-e2e [WAS: [Standards] Updated Yabasta Protocol (E2E-related)]
Thread-Index: AQHOfjl2+ccxs/bHNka4fpinYD/MVQ==
Date: Thu, 11 Jul 2013 13:20:51 +0000
Message-ID: <BF7E36B9C495A6468E8EC573603ED941152B1C3D@xmb-aln-x11.cisco.com>
References: <1693EFE1FD641C42A0D542FCBC732DE6BDE5BA3C@EX3.YODA.UTOPIA.LOCAL> <F930A551-9441-49BD-9564-FB1C43ADEA49@cisco.com>
In-Reply-To: <F930A551-9441-49BD-9564-FB1C43ADEA49@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.129.24.90]
Content-Type: multipart/signed; boundary="Apple-Mail=_7768F4E1-A7E4-46DA-80B7-AB7CC9111823"; protocol="application/pkcs7-signature"; micalg="sha1"
MIME-Version: 1.0
Cc: Peter Waher <Peter.Waher@clayster.com>
Subject: Re: [xmpp] Problems with draft-miller-xmpp-e2e [WAS: [Standards] Updated Yabasta Protocol (E2E-related)]
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2013 13:20:59 -0000
Hello Jon, >> -----Original Message----- >> From: Jon Kristensen [mailto:info@jonkri.com] >> Sent: den 27 juni 2013 15:30 >> To: Peter Waher >> Cc: XMPP Standards >> Subject: Re: [Standards] Updated Yabasta Protocol (E2E-related) >> >> Hi Peter, and thank you for your response! >> >> These are the problems of the draft as I understand it. >> >> It does not offer perfect forward secrecy, as the compromise of a private key would unlock all of the session keys protected by the corresponding public key. >> We talked about this on this list, and agreed that some form of "pure" DH agreement would be a way to address this, as well as remove the requirement for RSA keys. I've been spending more energy on other tasks, and haven't had the time to work this out for myself. As stated previously, suggested texts for draft-miller-xmpp-e2e are welcome. If you can be in Berlin between 07/26 and 08/02, we can even sit down and hash something out face-to-face! >> It also does not allow for anonymity (neither weak or strong), as the public key is being sent in the clear. >> See above. >> A Diffie-Hellman key exchange request model could be used to tackle these problems, provided that two levels of <keyreq /> requests can be used. I don't know if this is part of the indended usage of the draft, or whether or not it would actually work. It would be great to see, though! Has any work been done to accommodate this feature? >> See above. >> I'm also a little concerned about the fact that the public keys is used to protect the session keys from a deniability perspective, but I haven't really thought that through enough yet. Maybe it's nothing... >> I don't have empirical evidence to back this up, but seems to be there are at least as many people that want non-repudiation than there are people that want deniability. While the two are mutually exclusive, I don't think it means it can't be done. The draft uses JWK objects for keys. As long as you can represent the DH agreement as a JWK, I don't see why you couldn't use that instead of an RSA public/private key pair. - m&m Matt Miller < mamille2@cisco.com > Cisco Systems, Inc.
- [xmpp] Problems with draft-miller-xmpp-e2e [WAS: … Matt Miller (mamille2)
- Re: [xmpp] Problems with draft-miller-xmpp-e2e [W… Matt Miller (mamille2)
- Re: [xmpp] Problems with draft-miller-xmpp-e2e [W… Jon Kristensen