Subject: Policy-Discussion
- From: Philipp Gühring <pg AT futureware.at>
- To: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: ***Spam*** Re: [CAcert-Policy] What is CAcert's mission?
- Date: Thu, 16 Feb 2006 22:29:17 +0100
- List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
- Organization: Futureware 2001
Hi Peter,
> > How's tricks? How's the IM world? Did they ever get
> > their crypto sorted out?
>
> In the Jabber world we use TLS for channel encryption and have been
> making good progress with Duane on including the right ASN.1 bits (see
> Section 5.1.1 of RFC 3920) in domain certificates to use CAcert-issued
> certificates for secure server-to-server federation. Then we do SASL
> EXTERNAL for auth and Bob's your uncle.
I had some weird problems trying to get that running. Some servers still have
serious troubles with TLS handling, and some clients don't tell you whether
you are actually using TLS or not. (A friend of mine, who is a security
specialist, was surprised when I showed him that his supposedly encrypted
connection to his Jabber server was plaintext instead. He had activated "use
SSL when available" in the configuration, but it didn't work, and he didn't
notice.) Things like that make you lose the trust in Jabber as a whole.
> Of course, if you don't trust the servers (and naturally you shouldn't)
> then we need end-to-end encryption, but we still haven't worked out a
> commonly-used system for that. :( (Some clients do OpenPGP, none do the
> S/MIME stuff in RFC 3923, and the OTR-like protocol in JEP-0116 is still
> experimental.)
Then I suggest the following for you:
You should start a "Jabber compliant" campaign. Setting up a small
test-center, and verifying the Jabber protocol compliant-ness and certain
usability requirements, before a product can call itself "Jabber compliant".
Define some minimum "quality of service" that a product has to support, to be
officially Jabber compliant.
Create an automated test-suite that helps you test it.
If you don't do it, the Jabber world will consist of interoperability issues,
and the users won't be happy about Jabber in the end, having too many issues
with each different software package.
(Take a look at PKCS#11 for example, to see how bad non-quality controlled
infrastructure can totally cannibalize the given standards.)
Best regards,
Philipp Gühring