On 24 Aug 2008, at 11:33, Dirk Meyer wrote:
Dirk Meyer wrote:
That is a very, very nice idea. The client could create a certificate
(maybe self-signed) and you upload it to the XMPP server to use
this. There already is XEP-0178 how to use certificates and not
passwords. This is also a very good idea about how to handle a bot if
the device is stolen or hacked: I could just remove the certificate.
Outline for a XEP: Changing User Credentials
1. A client can add a certificate (self-signed or not does not matter)
to the server to use for SASL-EXTERNAL. The verification that this
is the correct certificate is out of the scope of that XEP. Each
certificate is combined to a name that cannot be changed
later. This makes it possible for the user to know what clients can
log in and the "not changeable" prevents a bad client from renaming
itself.
2. A client can remove a certificate at any time. Clients with that
certificate cannot log in anymore. Optional: if a client is logged
in right now it is kicked out. A server must keep track of how a
client used SASL.
3. A client can change the password for the account. To do that it
needs the old password. This prevents a compromised client with a
certificate to lock me out of my account.
If I do not trust a client anymore I use my password to remove that
client and I'm done.
Maybe it is a stupid idea, but we may already have 1. and 2. There is
XEP-0178 using PubSub to upload keys. The PubSub server is part of the
server in most cases. If it is, the server can search the PubSub nodes
for certificates used by SASL-EXTERNAL.
I don't know enough about PubSub to comment on that, but it sure sounds
like a useful idea. Anyone else?
/O
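
The three rules in the outline above, modelled as a small server-side account object. This is an added example, not part of the original messages or of any XMPP server; the class and method names are hypothetical, and identifying a certificate by the SHA-256 of its DER bytes is an assumption.

```python
import hashlib, hmac, os

class Account:
    """Toy model of the outline's three rules; not a real XMPP server."""

    def __init__(self, password):
        self._salt = os.urandom(16)
        self._pw = self._kdf(password)
        self.certs = {}     # fingerprint -> name, fixed at registration
        self.sessions = {}  # session id -> fingerprint used for SASL EXTERNAL

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    @staticmethod
    def fingerprint(cert_der):
        return hashlib.sha256(cert_der).hexdigest()

    def add_certificate(self, cert_der, name):
        # Rule 1: a certificate is bound to a name once; no rename path exists.
        fp = self.fingerprint(cert_der)
        if fp in self.certs:
            raise ValueError("certificate already registered as %r" % self.certs[fp])
        self.certs[fp] = name
        return fp

    def login_external(self, cert_der):
        # The server records which certificate each session authenticated with.
        fp = self.fingerprint(cert_der)
        if fp not in self.certs:
            return None
        sid = os.urandom(8).hex()
        self.sessions[sid] = fp
        return sid

    def remove_certificate(self, fp):
        # Rule 2: removal blocks future logins and (optionally) kicks live sessions.
        self.certs.pop(fp, None)
        kicked = [s for s, used in self.sessions.items() if used == fp]
        for s in kicked:
            del self.sessions[s]
        return kicked

    def change_password(self, old, new):
        # Rule 3: the old password is required, so a certificate-only client
        # cannot lock the owner out.
        if not hmac.compare_digest(self._pw, self._kdf(old)):
            return False
        self._pw = self._kdf(new)
        return True
```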