Am 07.11.2013 21:49, schrieb Dave Cridland:
On Thu, Nov 7, 2013 at 7:50 PM, Alexander Holler <[email protected]>wrote:
I now could start to talk about the questionable requirement for "trusted"
certificates (whatever that should be) or DNSSEC (which I see as a red
button in the hand of a foreign, not that friendly, government, which for
sure doesn't care about me), but I think it's better not to start such a
discussion here.
It says:
o deploy certificates issued by well-known and widely-deployed
certification authorities (CAs)
For me that reads like well-known and widely-deployed CAs are trustworthy.
And I don't see any reason to trust any certificate I haven't proved
myself and which isn't under my control. The CA system is imho totally
broken, especially because some governments seem to have all the keys or
are able to get the keys without anyone else having a chance to notice
that (or even beeing notified). So they are able to clone certificates
and thus they are able to become a perfect man-in-the-middle. So there
is no reason left to trust any certificate from any CA, especially if
that CA isn't in your country (where you might have a chance to be
protected by the law you live under).
Since dragnet surveillance targets internet connections and key service
providers, if we encrypt every XMPP connection, that same surveillance
would require someone to directly attack your server, or that of your
contact. PFS is important here because otherwise, an attacker can log all
your traffic along with everyone else's and then, when they need something
against you specifically, grab your private key and take a look at what
they caught. I'd refer to this as "trolling" if it weren't a term already
taken.
The manifesto says that the undersigned are committing to encrypt every
connection with best practise encryption, including PFS, and authenticate
all S2S with something rather less than best practise PKI. (No mention of
CRLs, OCSP stapling, etc). Of the two aspects, I'd cheerfully drop the
authentication aspects, frankly, but we're setting a fairly low bar there.
That's all a good thing and I support that. But to repeat myself:
--------
Not exactly the same, but I don't like the part
"or require cipher suites that enable forward secrecy"
for the same reason.
--------
(that's how I've entered this discussion)
I did left out the part of the sentence before that *require* for a good
reason. I'm only against making it an requirement on the S2S side
because that would affect everyone who want to send a message to someone
else in the XMPP world.
Nothing else. I'm not against security, I'm not against strong
encryption, I'm not against privacy. In fact I'm in strong favor of
security, strong encryption and privacy and take everone of those very
serious. Even if most people here want to imply something else.
But I think it's already time to quit this discussion, it just became
too senseless to continue.
Alexander Holler
_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
