[Psi-devel] Re: Improving Jabber Encryption (was: what happened to saving gpg passphrase?)

Cliff Dugal psi at pico.ca
Mon May 30 16:17:54 PDT 2005


On Monday, May 30, 2005 17:30, Justin Karneges wrote:
> I've written some newer Jabber encryption specs over the last year or so,
> although I don't think I included anything about service discovery.

Out of curiosity, did you make any provisions for optionally using different 
encryption schemes, like Off-the-Record Messaging (OTR)?

> By tying the PGP user-id to the JID, there shouldn't be a need to
> advertise the key-id anymore.  Of course, there's still the problem of
> encrypting to a recipient that is not prepared to accept encrypted
> messages.  This is where service discovery could be useful, but it's
> important to remember two things: 1) disco won't be useful if you want to
> send an offline message, 2) relying on disco information makes you
> vulnerable to a downgrade attack.

1) As was mentioned in a previous discussion about OTR, OTR doesn't play 
well with offline messages. So, it might make sense that somebody would 
prefer OTR for normal chats, while that person would prefer GPG for offline 
messages. So, possibly there should be offline message encryption settings 
stored on the server, and disco would be used in the online case.

Anyhow, I don't think we can ever be sure of what decryption facilities a 
contact may have the next time he connects. He may have gone to a friend's 
house, and not brought his private key, so any GPG-encrypted messages would 
be useless, regardless of what he normally uses. The best we can do is 
suggest what encryption schemes are most likely to be available in the near 
future. Logging into your account at your friend's house should not flag 
that you cannot handle GPG messages anymore, in my opinion.

We still need to associate a GPG key with a JID. I don't think we can use 
any info from the Jabber network to do that -- that info must either come 
from the trusted key, possibly a 3rd trusted party, or from an external 
association (although we could use the hint provided by the Jabber 
network). Anyhow, what I'm trying to say is that the user, one way or 
another, must have said that an encryption scheme to a contact is valid 
before it can be used. So, the best info we can get in Jabber is what of 
the already trusted encrypted channels that have been associated with a JID 
does your contact's client support using at this time, and possibly the 
preferential order.

2) I'm not exactly sure what you mean by this. If you mean that somebody 
could alter your encryption preferences to put your easiest-broken scheme 
as the preferred one, then, yes, this could happen. Both parties (at least 
for OpenPGP) must have already said that they trust the encryption before 
that least-secure encryption can be used, so perhaps it's an acceptable 
attack. I suppose we could optionally sign the encryption methods when they 
change. It sure beats needing to enter a GPG key for all status changes.
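The two points above, that disco can be rewritten to downgrade you and that only schemes the user has already confirmed for a JID should ever be selected, are easy to show side by side. The following is an added example written for this page; it is not Psi code and not something any participant in the thread posted. The JIDs, key bytes and capability lists are constructed, and an HMAC over the advertised list stands in for the OpenPGP signature that the message suggests attaching when the method list changes.

```python
"""Choosing an encryption scheme for a Jabber contact from disco capabilities.

Added example (not Psi code): contrasts a naive client that believes whatever
the contact's disco reply advertises with one that only ever selects from
schemes the local user has already confirmed for that JID, and that honours
the advertised preference order only when the advertisement is signed by a
key already trusted for that JID. The HMAC key is a stand-in for the contact's
OpenPGP signing key; all JIDs and key material are invented.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Schemes that work without the contact being online (OTR needs a live session).
OFFLINE_CAPABLE: Set[str] = {"openpgp"}
# Local ranking used when the contact's own order cannot be trusted.
LOCAL_RANK: Dict[str, int] = {"otr": 3, "openpgp": 2, "none": 0}


@dataclass
class DiscoCaps:
    """A contact's advertised encryption schemes, most preferred first."""
    jid: str
    schemes: List[str]
    sig: Optional[str] = None  # hex MAC over (jid, schemes); None if unsigned


@dataclass
class TrustEntry:
    """What the local user has confirmed for one JID, out of band."""
    schemes: Set[str]   # schemes whose keys the user verified for this contact
    verify_key: bytes   # key for checking signed advertisements (stand-in for PGP)


def _payload(jid: str, schemes: List[str]) -> bytes:
    return json.dumps({"jid": jid, "schemes": schemes}, sort_keys=True).encode()


def sign_caps(jid: str, schemes: List[str], key: bytes) -> DiscoCaps:
    """Contact side: publish a signed capability list."""
    sig = hmac.new(key, _payload(jid, schemes), hashlib.sha256).hexdigest()
    return DiscoCaps(jid, list(schemes), sig)


def verify_caps(caps: DiscoCaps, key: bytes) -> bool:
    """True only if the list is signed and the signature matches this key."""
    if caps.sig is None:
        return False
    expected = hmac.new(key, _payload(caps.jid, caps.schemes), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, caps.sig)


def naive_choose(caps: DiscoCaps) -> Optional[str]:
    """Downgradable: whoever controls the disco reply controls the scheme."""
    return caps.schemes[0] if caps.schemes else None


def choose_scheme(caps: DiscoCaps, trust: Dict[str, TrustEntry], offline: bool) -> Optional[str]:
    """Pick a scheme the local user already trusts for caps.jid, or None.

    None means "do not send encrypted": no confirmed scheme fits, so the
    caller should ask the user rather than silently fall back to plaintext.
    """
    entry = trust.get(caps.jid)
    if entry is None:
        return None
    candidates = entry.schemes - {"none"}
    if offline:
        # Disco says nothing about the next login; only offline-capable schemes apply.
        candidates &= OFFLINE_CAPABLE
    elif verify_caps(caps, entry.verify_key):
        # Signed by a key we already trust: honour the contact's order, but
        # only among schemes we have confirmed ourselves.
        for scheme in caps.schemes:
            if scheme in candidates:
                return scheme
        return None
    # Offline, unsigned, or tampered: ignore the advertised order entirely
    # and fall back to our own ranking of the trusted schemes.
    if not candidates:
        return None
    return max(candidates, key=lambda s: LOCAL_RANK.get(s, -1))


def demo() -> Dict[str, Optional[str]]:
    """Constructed scenario: talking to bob@example.org through a hostile server."""
    bob_key = b"bob-signing-key-stand-in"  # invented key material
    trust = {"bob@example.org": TrustEntry({"otr", "openpgp"}, bob_key)}
    genuine = sign_caps("bob@example.org", ["otr", "openpgp"], bob_key)
    # A server in the path rewrites the reply to push plaintext, keeping the old sig.
    tampered = DiscoCaps("bob@example.org", ["none", "openpgp"], genuine.sig)
    stranger = DiscoCaps("mallory@example.net", ["none"])
    return {
        "naive_tampered": naive_choose(tampered),
        "hardened_tampered": choose_scheme(tampered, trust, offline=False),
        "hardened_genuine": choose_scheme(genuine, trust, offline=False),
        "hardened_offline": choose_scheme(genuine, trust, offline=True),
        "hardened_stranger": choose_scheme(stranger, trust, offline=False),
    }


if __name__ == "__main__":
    for case, scheme in demo().items():
        print(f"{case:20s} -> {scheme}")
```

The naive client ends up at "none" for the rewritten reply, while the hardened one ignores the tampered order and keeps OTR, drops to OpenPGP when the recipient is offline, and refuses to pick anything for a JID with no confirmed keys. One caveat a real design would need: a signature alone does not stop an old, genuinely signed advertisement from being replayed, so the signed payload should also carry something fresh such as a timestamp or presence counter.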