On Thu, Nov 7, 2013 at 7:50 PM, Alexander Holler <[email protected]> wrote:
> Sure, therefore I'm here and speak against the requirement for TLSv1.2. The
> manifesto sounds like it might be a good idea to enforce that requirement
> on the S2S too, and that clearly isn't what should be done in my opinion.
>

There is actually no requirement for TLSv1.2 in the manifesto; there is in the Internet Draft, though. The manifesto just says to prefer it.

> I now could start to talk about the questionable requirement for "trusted"
> certificates (whatever that should be) or DNSSEC (which I see as a red
> button in the hand of a foreign, not that friendly, government, which for
> sure doesn't care about me), but I think it's better not to start such a
> discussion here.
>

It says:

    o deploy certificates issued by well-known and widely-deployed
      certification authorities (CAs)

There's nothing about DNSSEC, and the word "trusted" does not appear either - I doubt it means what you think in this case anyway. What this does mean, in practice, is certificates that a typical end-user or server is likely to be able to authenticate (i.e., those issued by a common trust anchor). That's all.

> I already seem to be pretty alone with letting the user choose what he
> thinks he needs (I'm pretty in support of encouraging strong encryption,
> just not of _requiring_ it, at least not now).
>

Then you're not in favour of the manifesto, don't feel it's realistic, and don't want to sign. And that's OK.

>> In any case, the attack vector here isn't that the NSA or GCHQ are
>> targeting you specifically. It's that they're targeting everyone, and
>> keeping that information around in case they need it later. This is why
>> we're suggesting encrypting everything, and with PFS, so that it's
>> worthless, and so they *need* to target you to snoop on you.
>>
>
> I know all that (don't misinterpret the fact that I've forgotten that
> DH has been supported by openssl for a long time), but I wouldn't use my
> server for any communication I want to be secret. At least not for stuff
> which isn't p2p encrypted (and XMPP usually is not).
>

I think you're missing the point. Try s/secret/private/ on your paragraph and see if it holds true then.

The problem we're facing is that we used to use TLS for secrecy and authentication, whereas we are undergoing a sea-change where TLS is now primarily useful for privacy. Since dragnet surveillance targets internet connections and key service providers, if we encrypt every XMPP connection, that same surveillance would require someone to directly attack your server, or that of your contact.

PFS is important here because otherwise, an attacker can log all your traffic along with everyone else's and then, when they need something against you specifically, grab your private key and take a look at what they caught. I'd refer to this as "trolling" if it weren't a term already taken.

The manifesto says that the undersigned are committing to encrypt every connection with best-practice encryption, including PFS, and authenticate all S2S with something rather less than best-practice PKI. (No mention of CRLs, OCSP stapling, etc.) Of the two aspects, I'd cheerfully drop the authentication aspects, frankly, but we're setting a fairly low bar there.

If not enough people sign it'll need re-evaluating, and if the trials show serious interop or connectivity issues, then that, too, will cause a re-think. But we'll find this stuff out as we go, not by lowering the bar before we've begun.

Dave.
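Dave's point about PFS (an attacker who records traffic today and obtains the server's private key later can decrypt every non-PFS session, but not the ephemeral-DH ones) comes down to which key-exchange methods a TLS endpoint leaves enabled. The following script, added here as an example and not part of the thread or of any XMPP server's configuration, audits a Python ssl.SSLContext against the three things the manifesto asks for: prefer TLSv1.2, forward-secret key exchange, and certificate verification against a common trust anchor. The function names, the cipher string and the name-based classification are this example's own choices; it runs offline and never opens a connection.

```python
"""
Added example (not from the mailing-list thread): audit an ssl.SSLContext for
the properties argued for above -- TLS >= 1.2, forward-secret (PFS) key
exchange so recorded traffic cannot be decrypted later with the server's
private key, and peer verification against a widely deployed CA.
"""
import re
import ssl

# Cipher suite names whose key exchange is ephemeral (EC)DH.  TLS 1.3 suites
# (names starting with "TLS_") always negotiate an ephemeral exchange, so they
# count as forward secret too.  Plain "AES128-GCM-SHA256" style names use RSA
# key transport: the session key is encrypted to the server's long-term key.
_PFS_NAME = re.compile(r"^(ECDHE-|DHE-|EDH-|TLS_)")

# Only ephemeral (EC)DH with AEAD ciphers; drop anonymous and RSA-transport
# suites.  This string is the example's own choice, not a recommendation
# from the manifesto.
_PFS_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!kRSA"


def is_forward_secret(cipher_name: str) -> bool:
    """Classify an OpenSSL cipher suite name by its key-exchange method."""
    return bool(_PFS_NAME.match(cipher_name))


def non_pfs_ciphers(ctx: ssl.SSLContext) -> list:
    """Enabled suites whose key exchange is NOT forward secret.

    A passive recording of these sessions plus a later compromise of the
    server's private key recovers the session keys -- the "log everything,
    grab the key later" scenario described in the thread."""
    return [c["name"] for c in ctx.get_ciphers() if not is_forward_secret(c["name"])]


def pfs_server_context() -> ssl.SSLContext:
    """Server-side context restricted to TLS >= 1.2 and PFS suites.

    A real deployment would also call ctx.load_cert_chain(certfile, keyfile)
    with a certificate issued by a well-known CA, as the manifesto asks."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(_PFS_CIPHERS)
    return ctx


def pfs_client_context() -> ssl.SSLContext:
    """Client side: verify the peer against the system trust store and refuse
    anything below TLS 1.2 or without forward-secret key exchange."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(_PFS_CIPHERS)
    return ctx


def audit(ctx: ssl.SSLContext) -> dict:
    """Summarise, as plain values, the properties the thread argues for."""
    return {
        "min_version": ctx.minimum_version.name,
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "non_pfs": non_pfs_ciphers(ctx),
        "enabled": len(ctx.get_ciphers()),
    }


if __name__ == "__main__":
    # Compare the interpreter's default context with the restricted ones.
    for label, ctx in (("default client", ssl.create_default_context()),
                       ("pfs client", pfs_client_context()),
                       ("pfs server", pfs_server_context())):
        print(f"{label}: {audit(ctx)}")
```

Run it and compare the `non_pfs` list of the default context with the restricted ones: any RSA-key-transport suite that the default still enables is a session an attacker can decrypt retroactively, which is exactly the bar the manifesto is trying to raise. The client context keeps `verify_mode == CERT_REQUIRED`, i.e. the "certificates from a common trust anchor" requirement; the server context reports `verifies_peer` as false because it does not demand client certificates.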
_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
