On 31/07/2015 10:27, Daniele Ricci wrote:
Hello Goffi,
XEP-0027 has serious security concerns, especially regarding reply
attacks and key verification (you can read those in the "Security
considerations" paragraph of the XEP). It's true that a real
replacement hasn't been drafted yet (there are some drafts, but
nothing really definitive or practical to use).
In my project I use a modified version of XEP-0027, using XEP-0189 for
key management (supervised by the server). I took an example from an
e2e RFC draft (I really can't remember the number now, sorry), which
used Message/CPIM to enforce message metadata inside the encrypted
content. That's a bit more secure than plain XEP-0027, still there are
many other attack vectors that can be used. I'll probably draft a XEP
one day.
As for making XEP-0027 obsolete, that XEP is just informative: it's
the description of a protocol that was never standardized and as I
said it had security issues from the beginning. But at the time,
security was a different thing ;-)
OK, I understand. That means that OpenPGP use with XMPP is not discarded
and we just need a proper and more secure XEP. I would be really
interested if you publish a protoXEP one day. Thanks for your answer.
Goffi
