
Re: jabber identity



discussing this with marshall now. he claims it's a client problem, because you can actually sign your traffic through the chatroom - the clients check the sig, but then actually don't offer to show you what identity's key they checked the sig against.

confusing.....

--On 10 July 2003 21:39 +0200 Randy Bush <randy@psg.com> wrote:

when i was in group chat and someone questioned my identity,
i suggested hta hand me a nonce in a p2p pgp secure session,
and i would then replay the nonce on group chat.

as smb pointed out, this left us open to mitm between (hta|me) and
the group chat.  in this case, both hta and i had ssl to the
server on which the group chat was being hosted.  but how could
you know that?

i have not read the jabber drafts, but i have to ask.  given the
remarks on the need for identity in the rather educational, at
least to me, paper scott brimm pointed us to,
<http://www.shirky.com/writings/group_enemy.html>, and the
discussion we had before chartering the jabber wg (which was going
to complete last december, right hrn crocker and rose?), does the
ietf jabber work address this problem well?

randy
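
An added illustration, not part of the original thread: the bare-nonce replay discussed above passes its check even when it travels through an untrusted hop and says nothing about later messages, while a per-message tag bound to room, nonce and body detects a rewritten message. The HMAC key standing in for the p2p PGP session, the room name and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

NICK = "randy"

def post_nonce(nonce: bytes) -> dict:
    """Scheme from the thread: replay the bare nonce on group chat."""
    return {"nick": NICK, "body": nonce.hex()}

def check_nonce(msg: dict, nonce: bytes) -> bool:
    return msg["body"] == nonce.hex()

def tag(key: bytes, room: str, nonce: bytes, body: str) -> str:
    # Fixed-length nonce first, NUL between room and body (room has no NUL).
    data = nonce + room.encode() + b"\x00" + body.encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def post_bound(key: bytes, room: str, nonce: bytes, body: str) -> dict:
    """Alternative: every group message carries a tag over room, nonce, body."""
    return {"nick": NICK, "body": body, "tag": tag(key, room, nonce, body)}

def check_bound(key: bytes, room: str, nonce: bytes, msg: dict) -> bool:
    expected = tag(key, room, nonce, msg["body"])
    return hmac.compare_digest(msg.get("tag", ""), expected)

def relay(msg: dict, new_body=None) -> dict:
    """Untrusted hop between sender and room; may rewrite the body."""
    out = dict(msg)
    if new_body is not None:
        out["body"] = new_body
    return out

def demo() -> dict:
    key = secrets.token_bytes(32)     # assumption: agreed in the p2p session
    nonce = secrets.token_bytes(16)   # challenge handed over in that session
    room = "ietf@conference.example"  # constructed room name
    later = relay({"nick": NICK, "body": "i agree"}, "i object")
    signed = post_bound(key, room, nonce, "i agree")
    return {
        # The bare nonce verifies no matter which path carried it.
        "nonce_via_relay": check_nonce(relay(post_nonce(nonce)), nonce),
        # Later messages carry nothing that a verifier can check.
        "later_msg_checkable": "tag" in later,
        "bound_intact": check_bound(key, room, nonce, relay(signed)),
        "bound_rewritten": check_bound(key, room, nonce, relay(signed, "i object")),
    }

if __name__ == "__main__":
    print(demo())
```

A shared key only convinces the one peer who holds it; for the whole room to verify, the tag would be a public-key signature checked against a key the reader already trusts, which is the step the reply says clients do not surface.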