On 4/15/09 3:42 AM, Dave Cridland wrote:
> On Tue Apr 14 17:07:41 2009, Peter Saint-Andre wrote:
>> Dialback is not an authentication protocol.
>>
>>
> I have no idea what else it is.

The IETF said we needed to call it "weak identity verification". :P

> Dialback might not be a terribly secure authentication mechanism, but
> the intent is to verify an identity assertion, for use as the basis for
> authorization, and if that's not an authentication mechanism I have no
> idea how else to describe it.
> 
> FWIW, I'm not sure there's any such thing as an authorization protocol,
> since the act of authorization is almost by definition an internal
> matter. (Although policy query services would probably count).
> 
> 
>> > [snip]
>> >> It's still not clear to me what TLS+dialback really means. If you're
>> >> going to do TLS, use real certs and then you can do authentication
>> >> via SASL EXTERNAL.
>> >
>> > SASL EXTERNAL is a non-starter in the public network.
>>
>> That's an assertion not necessarily backed up by evidence. I am not
>> convinced that TLS + EXTERNAL is a non-starter on the public XMPP
>> network, but then again I help to run a CA that issues free domain
>> certificates for that network (visit http://xmpp.org/ca/ to get yours
>> today). I think we can say that TLS + EXTERNAL has not been widely
>> adopted, but that doesn't mean it never will be widely adopted. It all
>> depends on what threats people perceive. If the costs of getting a
>> domain cert start to be less than the costs of unsecured federation,
>> then people will start to use certificates.
> 
> I'd readily agree here, with the caveat that it's the X.509 that's
> seeing quite successful deployment by the usual standards. In fact, if
> you compare the XMPP network to the HTTP one, and consider the
> proportion of XMPP servers deploying routine TLS with a CA-signed
> certificate, to the proportion of HTTP servers even offering any TLS at
> all, I think XMPP is looking remarkably good.
> 
> But Philip's right that we could never mandate CA-signed certificates,
> we can merely recommend strongly that servers obtain one - to mandate
> them and pretend that dialback does not exist would be burying our heads
> in the sand to an extraordinary degree.

Naturally, we can't mandate any deployment decisions of this kind. But
if all the major nodes on the network start to require TLS for s2s,
adoption would increase significantly. Unfortunately we're not yet close
to doing that because of the rule about one stream per domain (in
fact two until s2s streams can be bidirectional), which pretty much
makes it impossible for services like Google Apps to do TLS s2s. That's
why I am so interested in solving the multiplexing problem.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
