On Tue, Apr 23, 2013 at 4:42 PM, Simon McVittie
<[email protected]> wrote:
> On 23/04/13 14:21, Daniele Ricci wrote:
> I hope you don't mean context-free signatures on individual IMs similar
> to those in XEP-0027 <http://xmpp.org/extensions/xep-0027.html>?
>

That is actually one of the things I still need to address. Kontalk
being primarily targeted to mobile devices, it might not always be
possible to establish an OTR session because one of the two peers
could often be offline.
Have you got any suggestion about this?

> I suggest thinking about your threat model - who is the attacker and
> what can they do? - before designing cryptographic protocols: otherwise,
> it's easy to end up with a system that has gained more complexity than
> actual security.
>

I know... but I need to gather much information in order to plan ahead
all of this - that's why I'm here. I implemented RFC 6091 because I
wanted to see it working and also to generate some interest.

> If you want identity based on OpenPGP, but authentication using X.509
> (to take advantage of existing code), one way to do it is to have a
> machine-readable OpenPGP-signed assertion of the form "please assume
> that only I have access to the corresponding private key for the
> following self-signed X.509 cert: [...]". Something like that, or a
> subkey-based approach, would also have the advantage that an exploitable
> bug in your XMPP software would only result in disclosure of XMPP
> messages, and not a compromise of the OpenPGP key (and hence everything
> else it had been used for).
>

If I sign you something you provide I can prove I own my private key,
right? Isn't it what TLS and RFC 6091 somewhat define? Maybe I didn't
fully understand your statement.


-- 
Daniele
