On Thursday 15 January 2009 10:02:24 Matthew A. Miller wrote:
> Besides, XEP-233 isn't any more secure than the SRV lookup.
> [...]
> * If you trust the XEP-233 result because you've got a secure channel
> (STARTTLS) and trusted their certificate, then why can't you now trust
> the SRV result?
Hmm, this is an interesting question. TLS validates the XMPP domain, not the connect host found in the SRV result. So an attacker could feed you an incorrect SRV result here, and then route your traffic (as-is, not attacking TLS) to the real XMPP server. This would be enough for an attacker to cause you to use the wrong host in the Kerberos negotiation.

However, it's not clear to me if there is a real attack here. With the wrong host, you may obtain a wrong Kerberos ticket but you'll attempt to use it with the "right" host, which will result in a failed authentication (a DoS). Maybe if the "right" host has multiple host keys for the "xmpp" service, the attacker could cause you to successfully authenticate to the wrong XMPP host?

Well, whether that attack is really a problem or not, at least XEP-233 does close it off.

-Justin

_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
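The reasoning in Justin's reply, modelled as a small simulation (an added example written for this page, not code from the thread or from any XMPP implementation). All hostnames, the Kerberos realm, the SRV answers, the certificate names and the keytab contents are constructed placeholders. The model shows why a spoofed SRV answer passes the RFC 6120 reference-identity check (the client checks the XMPP domain, not the connect host), why deriving the GSSAPI service principal from the SRV target then produces a ticket the real server cannot accept (the DoS), and why taking the host name from the XEP-233 stream feature, which arrives over the already-authenticated TLS channel, is unaffected.

```python
"""Simulation of SRV spoofing versus TLS identity versus Kerberos principal choice.

Added example. Every name below is constructed for illustration only.
"""
from dataclasses import dataclass

XMPP_DOMAIN = "example.net"          # constructed XMPP domain the client wants
REALM = "EXAMPLE.NET"                # constructed Kerberos realm

# Constructed DNS answers. Spoofing the (unsigned) SRV record changes only
# the connect host; the XMPP domain the client asked for is unchanged.
HONEST_SRV_TARGET = "xmpp1.example.net"
SPOOFED_SRV_TARGET = "xmpp.attacker.invalid"

# Constructed certificate of the real server. The attacker routes traffic to
# the real server unmodified, so this is the certificate the client sees
# in both the honest and the spoofed case.
REAL_SERVER_CERT_SANS = ("example.net", "xmpp1.example.net")

# Constructed XEP-233 <hostname/> stream feature, sent after STARTTLS, so the
# attacker cannot alter it without breaking TLS.
XEP233_HOSTNAME = "xmpp1.example.net"

# Constructed keytab of the real server: the principals it can accept tickets for.
REAL_SERVER_KEYTAB = {"xmpp/xmpp1.example.net@EXAMPLE.NET"}


def tls_identity_ok(cert_sans, xmpp_domain):
    """RFC 6120 style reference-identity check: the client compares the XMPP
    domain it intended to reach against the certificate, not the SRV target."""
    return xmpp_domain in cert_sans


def principal_from_srv(srv_target, realm):
    """Naive choice: derive the service principal from the DNS result."""
    return f"xmpp/{srv_target}@{realm}"


def principal_from_xep233(hostname_feature, realm):
    """XEP-233 choice: derive it from the host name the authenticated server advertised."""
    return f"xmpp/{hostname_feature}@{realm}"


def server_accepts(principal, keytab):
    """A ticket is only usable if the server holds a key for that principal."""
    return principal in keytab


@dataclass
class Outcome:
    connect_host: str
    tls_ok: bool
    srv_principal: str
    srv_auth_ok: bool
    xep233_principal: str
    xep233_auth_ok: bool


def negotiate(spoofed_srv: bool) -> Outcome:
    """Run one client connection under an honest or a spoofed SRV answer."""
    connect_host = SPOOFED_SRV_TARGET if spoofed_srv else HONEST_SRV_TARGET

    # TLS: traffic reaches the real server either way, and the client checks
    # the XMPP domain, so the certificate validates in both cases.
    tls_ok = tls_identity_ok(REAL_SERVER_CERT_SANS, XMPP_DOMAIN)

    # Kerberos, variant 1: principal taken from the SRV target.
    srv_principal = principal_from_srv(connect_host, REALM)
    srv_auth_ok = server_accepts(srv_principal, REAL_SERVER_KEYTAB)

    # Kerberos, variant 2: principal taken from the XEP-233 feature over TLS.
    xep233_principal = principal_from_xep233(XEP233_HOSTNAME, REALM)
    xep233_auth_ok = server_accepts(xep233_principal, REAL_SERVER_KEYTAB)

    return Outcome(connect_host, tls_ok, srv_principal, srv_auth_ok,
                   xep233_principal, xep233_auth_ok)


if __name__ == "__main__":
    for spoofed in (False, True):
        print("spoofed SRV" if spoofed else "honest SRV", negotiate(spoofed))
```

Running the module prints both scenarios; the spoofed run shows TLS still succeeding while the SRV-derived principal no longer matches anything the real server holds a key for, which is the failed-authentication outcome described in the reply. The keytab set is deliberately a single entry; adding further host principals to it is the place to model the "multiple host keys" question Justin raises.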
