On Tuesday 19 August 2008 14:50:42 Dirk Meyer wrote: > The question we had (and that is the reason I started the discussion) is: > how to verify the TLS certificates.
A related topic I want to talk about is private key maintenance. I don't think average users will be able to maintain private keys. Users will easily lose their keys, forget to transfer them when buying new computers, create multiple keys (by accident, or not) if they regularly use XMPP from multiple computers, etc. Losing or leaving around private keys, and being unaware that you even have them, seems very dangerous to me. At minimum we should probably encourage password-protecting the private keys, although that means yet-another-password for the user to remember... (anyone know if Pidgin-OTR password-protects its private keys?) One idea that I've kicked around, which can't possibly be new and I haven't evaluated the security risks of, is optionally storing a password-protected private key on the XMPP server. It may sound like a terrible idea for those of us capable of private key maintenance, but for the average person who might otherwise leave a trail of private keys on random computers it may be preferable... Extra points if there'd be a way to authenticate to your XMPP account and retrieve your private key with a single password, without the XMPP server being able to decrypt the private key. -Justin
