On 19.08.2008 at 14:19, Peter Saint-Andre wrote:
> As far as I can see, SAS requires checking out of band. But I might not even know how to contact you out of band -- e.g., via phone or encrypted email. Furthermore, the average user doesn't sign or encrypt their email. So we're left with the phone, which is not necessarily convenient (how do I find your phone number?) or secure (how do I know that the phone number in your electronic profile is really yours, how do I know what you're supposed to sound like if I've never talked with you?). And SAS doesn't help our automated friends (yes, "bots are people too!").

This is meant for people you know IRL. For people you don't know IRL, you can never be sure. Everything could be forged. You can't prove it's really the person you think it is at all. If you have known someone for a long time, you may have a channel to verify the key. ESessions offers both, keys and SAS. And I think it is the right approach to have both.

> Passwords (a la SRP) are interesting. They require some shared context (e.g., the password is the name of that bar where we had a beer last week, the city where we first met, the last song released by a band we both like, the nickname of that weird guy in the chatroom). But typically people who are communicating over XMPP have some kind of shared context, whether that is gained from interacting IRL, communicating via email or web forums or blogs or IM, sharing some interest, etc. In the age of Facebook and (to some extent) a common worldwide culture, presumably some passwords could be guessed, but they could be made harder to guess if people really care to. Plus, I think that a mutual, shared passphrase feels familiar to people in a way that fingerprints and short authentication strings don't (it brings back memories of secret phrases among children and such). And bots could generate passphrases in some automated ways that I'm not creative enough to think of right now.

While this sounds nice, in reality it's really, really insecure. Most questions can be answered by a third person who has monitored conversations before. If two people chatted a lot before they encrypted, that's a pretty easy task.

-- Jonathan
