
jabber identity



when i was in group chat and someone questioned my identity,
i suggested hta hand me a nonce in a p2p pgp secure session,
and i would then replay the nonce on group chat.

as smb pointed out, this left us open to mitm between (hta|me) and
the group chat.  in this case, both hta and i had ssl to the
server on which the group chat was being hosted.  but how could
you know that?

i have not read the jabber drafts, but i have to ask.  given the
remarks on the need for identity in the rather educational, at
least to me, paper scott brimm pointed us to,
<http://www.shirky.com/writings/group_enemy.html>, and the
discussion we had before chartering the jabber wg (which was going
to complete last december, right hrn crocker and rose?), does the
ietf jabber work address this problem well?

randy
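
The exchange described in the message, as an added example that is not part of the original post: a nonce echoed into the room still verifies when something on the path to the room rewrites the other messages sent under the same nick. The `relay` function, the message texts, and the HMAC tag (a stand-in for per-message PGP signatures, keyed from the p2p session) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def relay(nick, text):
    """Constructed stand-in for an intermediary on the path to the room:
    passes the nonce line through untouched, rewrites everything else."""
    if text.startswith("nonce "):
        return nick, text
    return nick, "altered: " + text

def room_view(messages, path=None):
    """What the other room members see for each (nick, text) sent."""
    return [path(n, t) if path else (n, t) for n, t in messages]

def nonce_check(view, nick, nonce):
    """The check from the post: did `nick` echo the nonce in the room?"""
    return (nick, "nonce " + nonce) in view

def tag(key, nick, text):
    """Per-message authenticator over nick and text (assumed, not in the post)."""
    return hmac.new(key, f"{nick}\n{text}".encode(), hashlib.sha256).hexdigest()

def tagged_check(view, key):
    """True only if every message in the view carries a valid tag."""
    ok = True
    for nick, line in view:
        text, _, seen = line.rpartition(" #")
        ok &= hmac.compare_digest(seen, tag(key, nick, text))
    return ok

def demo():
    nonce = secrets.token_hex(8)    # handed over in the PGP-secured p2p session
    key = secrets.token_bytes(32)   # assumption: agreed in that same session
    sent = [("randy", "nonce " + nonce), ("randy", "i vote yes")]  # constructed
    relayed = room_view(sent, relay)
    signed = [(n, f"{t} #{tag(key, n, t)}") for n, t in sent]
    return {
        "nonce_direct": nonce_check(room_view(sent), "randy", nonce),
        "nonce_relayed": nonce_check(relayed, "randy", nonce),
        "text_intact_relayed": relayed[1] == sent[1],
        "tags_direct": tagged_check(room_view(signed), key),
        "tags_relayed": tagged_check(room_view(signed, relay), key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The nonce check succeeds on both paths because the nonce is bound to nothing else said in the room; only a check that covers each message's nick and text tells the two paths apart.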