On Sat, 24 Sep 2005 17:59:00 +0200, Peter Millard <[EMAIL PROTECTED]>
wrote:
On 9/22/05, Tijl Houtbeckers <[EMAIL PROTECTED]> wrote:
On Thu, 22 Sep 2005 22:53:20 +0200, JD Conley <[EMAIL PROTECTED]>
wrote:
>>
>> This is bad engineering i.t.o. creating undesirable impact on the
> broader
>> Internet.
>
> What is the undesirable impact? .
It is, at least, a minor security risk.
I disagree that this is a minor security hole.
I did say at least ;)
The fact that my JM
server can potentially contact two completely different servers for
the same JID is a very bad thing. Jabber ID's are designed to be
unique, and they should be. This uniqueness is provided by using
domain names to help partition off the namespace. What you are
essentially doing is flattening this namespace by changing your
implementation.
ie, when my server contacts [EMAIL PROTECTED], it should
NEVER, EVER, try to send that message to [EMAIL PROTECTED] instead. This
seems very bad to me.
well I assume it still send it to [EMAIL PROTECTED], just over a
connection to jabber.org. So a decent non-malicious server would reject
the stanza, and at least never deliver it to [EMAIL PROTECTED]
Because of the way in general DNS is implemented and used on the internet
the risk is not as bad as you'd first think. But it certainly opens up a
few attack angles. The biggest benifit for attackers would be that a DNS
attack will become more stealthy. Instead of changing/spoofing the DNS
entry the server uses itself, which is very noticeable, you can steal
entry one higher in this (completly unrelated to DNS, except for the last
two "dots" in the address) hierachy. So if you run your Jabber server on
jabber.services.example.org I can steal services.example.org. An entry
that might not even be used or exist!
Wether it's a minor, severe, or critical risk, you don't activly work to
create a security flaw, in my opinion.
Is there anything preventing a person (other than lack of servers who
support this) to run conferencing or transports or anything at the same
domain as the server? The only bad thing I see is you can't make
channels/transport entries that conflict with users on the server. That's
problem that should be solveable (eg. go IRC style and add a # for
channels, and disallow usernames starting with with #). There might be a
disco/identity problem, but why wouldn't a server be able to have multiple
identities? Does protocol prohibit this? If so we're better off changing
that, than creating security holes.
