Hi, Definition:
- POST-Prism means the time after PRISM. What we know now. It does not imply that PRISM ever carried out a DNSSEC or DNS attack. Sorry if this was not clear. - Khomeini: Sorry, you are right. He is dead. Use Khamenei. Sorry for the typo. Makes zero difference. Let's stay technical. On Fri, Nov 15, 2013 at 10:30 AM, Dave Cridland <d...@cridland.net> wrote: > On Fri, Nov 15, 2013 at 9:30 AM, Ralf Skyper Kaiser <sky...@thc.org>wrote: > >> No. The user has to trust ALL keys and not just the single ROOT KEY. The >> user has to trust: >> 1. The key was generated securely (enough bits, good primes, ...) >> 2. A good RNG was used (hi debian! Thanks for a bad RNG). >> 3. The key is not leaked (on purpose) by _any_ of the admins in the >> domain chain >> 4. The key is stored securely and not stolen >> 5 . ...This list is incomplete...and goes on and on. >> >> > Excellent... So we'll run through a first-time connect without DANE, and > with just pinning. > [...] > > OK. Small note there, actually. You also have to trust any authority over > your IP connectivity at this point, plus spoofing DNS is relatively easy > without DNSSEC, so you're basically trusting *everyone*. Which just makes > you a nice guy, right? Can I borrow €1,000? > Assuming the DNS was used then the user could be tricked in connecting to the wrong IP address of the jabber server. Yet the security is not compromised because the TLS connection will fail (assuming the certificate is pinned). The attacker can prevent the user from connecting to the jabber server but the attacker can not read the data/chat/messages of the user. What we should focus on is that the data/chat/messages stay confidential. Pinning does this. The pinning (without DNSSEC) is open to attack on the first connect. SSH is vulnerable the same way. SSH works on the same model (pinning). See my other email why the 'first connect' scenario is not practical for an attacker. (and if you want to fix this then you can use DNSSEC with PINNING). On the other hand just using DNSSEC requires the user to trust at least 3 different keys from 3 different entities that have 3 totally different geopolitical interests. What can possible go wrong... > > <SARCASM> >> That really sounds like a great idea! Unless of course >> >> 1. You are a gay person in Iran >> 2. An Atheist in Saudi Arabia (or a women) >> 3. Leonardo da Vinci and dare to suggest that the earth is round >> 4. A black person wishing to sit in the front row of a bus >> 5 ... >> </SARCASM> >> >> > Typically, sarcasm is used to posit something that is clearly the opposite > of what you intend, by the way. Aside from "That really sounds like a great > idea", I'll assume that the remainder of the argument you state above is, > you believe, valid. > Sorry if this was not obvious. > > >> DANE does not protect any of the above people. >> >> > regards, ralf
_______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org _______________________________________________
