PubSub will be on virtually every server in the future and it's suitable for saving both private and public data.

The only issue is: do you trust the server list? Maybe you can also store your own signatures for the certificates?

I don't understand the precise purpose of this outline but I believe it should also include a listing of security features it is intended to provide.

Pavel

On Sun, 24 Aug 2008 12:22:57 +0200
Johansson Olle E <[EMAIL PROTECTED]> wrote:

>
> On 24 Aug 2008, at 11:33, Dirk Meyer wrote:
>
> > Dirk Meyer wrote:
> >> That is a very, very nice idea. The client could create a
> >> certificate (maybe self-signed) and you upload it to the XMPP
> >> server to use this. There already is XEP-0178 how to use
> >> certificates and not passwords. This is also a very good idea
> >> about how to handle a bot if the device is stolen or hacked: I
> >> could just remove the certificate.
> >>
> >> Outline for a XEP: Changing User Credentials
> >>
> >> 1. A client can add a certificate (self-signed or not does not
> >>    matter) to the server to use for SASL-EXTERNAL. The
> >>    verification that this is the correct certificate is out of the
> >>    scope of that XEP. Each certificate is combined to a name that
> >>    can not be changed later. This makes it possible for the user to
> >>    know what clients can log-in and the "not changeable" prevents a
> >>    bad client from renaming itself.
> >>
> >> 2. A client can remove a certificate at any time. Clients with that
> >>    certificate can not log in anymore. Optional: if a client is
> >>    logged in right now it is kicked out. A server must keep track of
> >>    how a client used SASL.
> >>
> >> 3. A client can change the password for the account. To do that it
> >>    needs the old password. This prevents a compromised client with a
> >>    certificate to lock me out of my account.
> >>
> >> If I do not trust a client anymore I use my password to remove that
> >> client and I'm done.
> >
> > Maybe it is a stupid idea, but we may already have 1. and 2. There
> > is XEP-0178 using PubSub to upload keys. The PubSub server is part
> > of the server in most cases. If it is, the server can search the
> > PubSub nodes for certificates used by SASL-EXTERNAL.
> >
>
> I don't know enough about PubSub to comment on that, but it sure
> sounds like a useful idea. Anyone else?
>
> /O

--
Web: http://www.pavlix.net/
Jabber & Mail: pavlix(at)pavlix.net
OpenID: pavlix.net
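
The three rules of the outline quoted above, modelled as server-side account state. This is an added example, not part of the original thread or of any XEP; the `Account` class, its method names and the SHA-256 fingerprint lookup are assumptions made for illustration, and certificates are passed in as raw bytes standing in for DER data.

```python
import hashlib
import hmac
import os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Server-side state for one account, following the outline's three rules."""

    def __init__(self, password):
        self._salt = os.urandom(16)
        self._pw = _kdf(password, self._salt)
        self.certs = {}     # SHA-256 fingerprint -> client name, fixed at registration
        self.sessions = {}  # session id -> fingerprint that authenticated it

    def add_cert(self, name, cert_der):
        # Rule 1: bind certificate to a name; no rename operation is offered.
        fp = hashlib.sha256(cert_der).hexdigest()
        if fp in self.certs or name in self.certs.values():
            raise ValueError("certificate or name already registered")
        self.certs[fp] = name
        return fp

    def login_external(self, session_id, cert_der):
        # Track which certificate each session used, as rule 2 requires.
        fp = hashlib.sha256(cert_der).hexdigest()
        if fp not in self.certs:
            return False
        self.sessions[session_id] = fp
        return True

    def remove_cert(self, fp, kick=True):
        # Rule 2: the certificate can no longer log in; optionally end live sessions.
        del self.certs[fp]
        kicked = [s for s, f in self.sessions.items() if f == fp] if kick else []
        for s in kicked:
            del self.sessions[s]
        return kicked

    def change_password(self, old, new):
        # Rule 3: the old password is required, so holding a certificate is not enough.
        if not hmac.compare_digest(_kdf(old, self._salt), self._pw):
            return False
        self._salt = os.urandom(16)
        self._pw = _kdf(new, self._salt)
        return True
```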
