Justin Karneges <[email protected]> writes: > On Tuesday 02 June 2009 22:24:07 Simon Josefsson wrote: >> While I like PGP/X509 to be used, I think it is important to also >> support secure communication to happen based on a shared secret. While >> the security industry likes to believe public key solutions will solve >> everything, what normal people understand will continue to be >> "passwords". And it should be possible to build a secure communication >> system bootstrapped from a password. One approach is for >> implementations to generate the X509/PGP certs on the fly, and >> authenticate them using the shared secret. > > I believe the consensus is that we should support passwords, X.509, and PGP. > So don't worry, nobody's getting left out. :) Even the latest security spec, > draft-meyer-xmpp-e2e-encryption-01, covers all three cases.
Great. > I do like the suggestion of generating a self-signed X.509 certificate on the > fly and protecting it with a password somehow. This way, every existing TLS > library and language binding can be used to implement password-secured > sessions. > > In contrast, draft-meyer-xmpp-e2e-encryption-01 specifies that passwords > should be used natively in TLS, via the SRP extension. This approach is > ideal from a protocol perspective, but comes with a high cost: developers may > need to rework/switch TLS libraries. In my opinion, this is not XMPP's > battle. I think being able to use "off the shelf" TLS libraries is a noble > goal, and one we should choose over protocol purity. Sure, but the word "somehow" is critical, and I suspect SRP may turn out to be the simplest way to achieve the goal. Other alternatives include inventing protocols like bluetooth-pairing or ZRTP, but compared to those, I believe TLS-SRP is "off the shelf". I'm not aware of well standardized online password-based solutions, without a trusted third party (think Kerberos), that have good properties except for SRP. PSK based on a password has offline dictionary attack concerns. Does anyone recall discussion of other options? /Simon
