[18298] in cryptography@c2.net mail archive
Re: Another entry in the internet security hall of shame....
daemon@ATHENA.MIT.EDU (Peter Saint-Andre)
Fri Aug 26 17:09:20 2005
X-Original-To: cryptography@metzdowd.com
Date: Fri, 26 Aug 2005 13:43:06 -0600
From: Peter Saint-Andre <stpeter@jabber.org>
To: Enzo Michelangeli <enzomich@gmail.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <074801c5aa52$435f81e0$0200a8c0@em.noip.com>
This is a cryptographically signed message in MIME format.
Enzo Michelangeli wrote:
>>Remember that Jabber and similar protocols also trust servers to some
>>extent. Servers store and distribute valuable information like
>>presence data -- it is architecturally hard to do otherwise.
>
>
> Well, not really: the buddies on the list can be located through a
> Distributed Hash Table such as Kademlia, and, once their IP addresses are
> known, their presence can be checked by ping/pong exchange of UDP packets
> every few seconds. The biggest problem is represented by NATs, but there
> are techniques that can alleviate it (hole punching or, in stubborn cases,
> relaying through non-NATted nodes).

We don't expose IP addresses in XMPP, instead we use logical addresses
managed by servers. That's a different approach from what you've
described, but of course you're free to build an alternative presence
and messaging protocol and network if you'd like. :-)

>>I agree that you *also* want end to end, such as pgp over Jabber
>>provides. I really wish Gaim supported the pgp over Jabber stuff the
>>way PSI does...
>
>
> Why not get OTR then? http://www.cypherpunks.ca/otr/

OTR encrypts only the message text, but XMPP can be used to send all
sorts of interesting XML traffic (such as SOAP, XML-RPC, etc.) in
addition to simple IM. So we want to encrypt more than what in XMPP is
the XML character data of the <body/> child of the top-level message
stanza. RFC 3923 enables XMPP implementations to encrypt the entire XML
stanza, but no one has implemented that yet and it doesn't support
perfect forward security etc. Another possible approach being discussed
is here:

http://www.jabber.org/jeps/jep-0116.html

Peter
--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
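
Added example (not part of the original message and not code from any XMPP project): a Python listing of what a server can still read when only the `<body/>` character data is encrypted, compared with wrapping the whole stanza. The stanzas, addresses, XML-RPC method name, and the set of routing attributes assumed to stay visible are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample stanzas (not captured traffic); the addresses and the
# XML-RPC method name are made up for illustration.
CHAT = """<message from='alice@example.org/home' to='bob@example.net' type='chat'>
  <subject>Q3 numbers</subject>
  <thread>t-42</thread>
  <body>Meet at 6?</body>
</message>"""

RPC = """<iq from='alice@example.org/home' to='svc.example.net' type='set' id='r1'>
  <query xmlns='jabber:iq:rpc'>
    <methodCall><methodName>accounts.transfer</methodName>
      <params><param><value><int>5000</int></value></param></params>
    </methodCall>
  </query>
</iq>"""

# Assumption: these outer attributes stay visible so servers can route.
ROUTING = {"from", "to", "type", "id"}


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def cleartext(stanza_xml, scope):
    """List what a server can still read under a protection scope.

    scope="body":   only the text of a top-level <body/> is encrypted
    scope="stanza": the whole stanza is wrapped and only outer routing
                    attributes remain (a model, not the RFC 3923 format)
    """
    root = ET.fromstring(stanza_xml)
    seen = [f"@{k}={v}" for k, v in sorted(root.attrib.items())
            if scope == "body" or k in ROUTING]
    if scope == "stanza":
        return seen
    for child in root:
        for el in child.iter():
            text = (el.text or "").strip()
            hidden = el is child and _local(child.tag) == "body"
            if text and not hidden:
                seen.append(f"{_local(el.tag)}={text}")
    return seen
```

The RPC stanza has no `<body/>` at all, so body-only protection leaves its entire payload readable.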