[Psi-devel] Re: Improving Jabber Encryption (was: what happened to saving gpg passphrase?)
psi at pico.ca
Mon May 30 16:17:54 PDT 2005
On Monday, May 30, 2005 17:30, Justin Karneges wrote:
> I've written some newer Jabber encryption specs over the last year or so,
> although I don't think I included anything about service discovery.
Out of curiosity, did you make any provisions for optionally using different
encryption schemes, like Off-the-Record Messaging (OTR)?
> By tying the PGP user-id to the JID, there shouldn't be a need to
> advertise the key-id anymore. Of course, there's still the problem of
> encrypting to a recipient that is not prepared to accept encrypted
> messages. This is where service discovery could be useful, but it's
> important to remember two things: 1) disco won't be useful if you want to
> send an offline message, 2) relying on disco information makes you
> vulnerable to a downgrade attack.
1) As was mentioned in a previous discussion about OTR, OTR doesn't play
well with offline messages. So, it might make sense that somebody would
prefer OTR for normal chats, while that person would prefer GPG for offline
messages. So, possibly there should be offline message encryption settings
stored on the server, and disco would be used in the online case.
Anyhow, I don't think we can ever be sure of what decryption facilities a
contact may have the next time he connects. He may have gone to a friend's
house, and not brought his private key, so any GPG-encrypted messages would
be useless, regardless of what he normally uses. The best we can do is
suggest what encryption schemes are most likely to be available in the near
future. Logging into your account at your friend's house should not flag
that you cannot handle GPG messages anymore in my opinion.
We still need to associate a GPG key with a JID. I don't think we can use
any info from the Jabber network to do that -- that info must either come
from the trusted key, possibly a 3rd trusted party, or from an external
association (although we could use the hint provided by the Jabber
network). Anyhow, what I'm trying to say is that the user, one way or
another, must have said that an encryption scheme to a contact is valid
before it can be used. So, the best info we can get in Jabber is what of
the already trusted encrypted channels that have been associated with a JID
does your contact's client support using at this time, and possibly the
2) I'm not exactly sure what you mean by this. If you mean that somebody
could alter your encryption preferences to put your easiest-broken scheme
as the preferred one, then, yes, this could happen. Both parties (at least
for OpenPGP) must have already said that they trust the encryption before
that least-secure encryption can be used, so perhaps it's an acceptable
attack. I suppose we could optionally sign the encryption methods when they
change. It sure beats needing to enter a GPG key for all status changes.
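An added illustration of the two points above (selecting only from schemes the user has already trusted for a JID, and detecting a tampered advertisement of supported schemes); this is example code, not Psi's, and it uses an HMAC under an assumed per-contact key as a stand-in for the OpenPGP signature so it runs offline.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional

# Constructed local policy: schemes the user has already marked as trusted
# for each JID, strongest first. Nothing outside this list is ever chosen.
TRUSTED_SCHEMES: Dict[str, List[str]] = {"alice@example.org": ["otr", "openpgp"]}
# Scheme to use for offline messages, when no live advertisement exists.
OFFLINE_SCHEME: Dict[str, str] = {"alice@example.org": "openpgp"}


def _payload(jid: str, schemes: List[str]) -> bytes:
    return json.dumps({"jid": jid, "schemes": schemes}, sort_keys=True).encode()


def sign_advert(key: bytes, jid: str, schemes: List[str]) -> dict:
    """Advertisement of currently usable schemes, authenticated by the contact.
    HMAC-SHA256 stands in for a real OpenPGP signature (assumption)."""
    tag = hmac.new(key, _payload(jid, schemes), hashlib.sha256).hexdigest()
    return {"jid": jid, "schemes": schemes, "sig": tag}


def advert_is_authentic(key: bytes, advert: dict) -> bool:
    expected = hmac.new(key, _payload(advert["jid"], advert["schemes"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, advert.get("sig", ""))


def choose_scheme(jid: str, advert: Optional[dict],
                  key: Optional[bytes] = None) -> Optional[str]:
    """Strongest scheme that is both locally trusted and currently advertised.
    No advertisement (contact offline): use the stored offline preference.
    key=None models unsigned disco data, where a stripped list goes unnoticed;
    with a key, a tampered advertisement selects nothing rather than downgrading."""
    trusted = TRUSTED_SCHEMES.get(jid, [])
    if advert is None:
        pref = OFFLINE_SCHEME.get(jid)
        return pref if pref in trusted else None
    if key is not None and not advert_is_authentic(key, advert):
        return None
    advertised = set(advert["schemes"])
    # Local trust order decides, so reordering the advert cannot downgrade;
    # only removing a scheme can, and the signature check catches that.
    for scheme in trusted:
        if scheme in advertised:
            return scheme
    return None
```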