JabberForum wrote:
> For me the only point really important will be anyway the security,
> because XMPP can probably be very secure, and I will already trust far
> more the Jabber network than any of the other IM networks which are for
> most of them not at all secure (and even more than Skype which is the
> one said very secure). But the current implementation and uses of XMPP
> are still not sufficient for me for such sensitive uses. Anyway you are
> apparently studying the security consideration very fairly in your XEP
> already.

Thanks. Yes, security is the main problem here. I trust the Jabber server, but when it comes to personal data, I only trust applications I control. And based on my XEP it would be possible to do some nasty stuff.

> I would add also one security layer yet: some commands should be
> makable only locally (for instance on the machine itself). For instance,
> imagine you can control the heater, the aeration system or anything like
> this. You should set some limits locally that even the "owner" of the
> devices cannot change through one's account (but one can do it locally
> if one has physical access to the device for instance, or other access
> very secure). Or maybe this owner's account could run any command, but
> for critical one, there would be a second layer of security (like another
> password to give every time you make such a command, etc.).

It should be possible to only allow services for the owner. That will be defined in the yet-to-be-written Access Control List section of the document. Your local idea sounds nice and by accident it is already defined. If a device only uses link-local communication and does not register at the XMPP server, only local communication will be possible. But I will keep the local stuff in consideration when defining the access control list.

> I am considering the fact that often the main security breach is the
> human being. So what if someone can use your account: if you set a
> poorly secure password like most people; or if your Jabber client
> connects automatically on your main computer and gave access to this to
> someone; or simply when you leave your desktop 5 minutes without
> unconnecting from Jabber (forgetting this account is so sensitive), etc.
> Many security attacks rely on the human flaws (unless you are
> paranoid).

You cannot prevent a stupid user. But the XMPP server account password is totally useless since the network does not trust the server.
But if I have a main control app on my laptop running and you get access to my laptop ... well, you have access.

Thanks for the feedback.

Dirk

--
This fortune would be seven words long if it were six words shorter.
