e2e II


Late last month I posted some thoughts on the problem of end-to-end encryption over XMPP (read that first). Hal Rottenberg reasonably replied that it's not nice to ignore X.509 since lots of big companies are deploying certificates to all their employees (the community equivalent is CAcert, to which I sent my credentials a few weeks ago). Hal is right -- we need a solution that is inclusive rather than exclusive. The challenge, as Trejkaz commented at Hal's blog, is that any e2e solution is exclusive if it depends on PGP keys or X.509 certificates. We need a security system that works even for the proverbial Aunt Tillie, who we know will never go through the trouble of generating a PGP key or acquiring a personal certificate. Trejkaz suggests off-the-record messaging (OTR). Someone at a university in the UK emailed me recently about the desiability of identity-based encryption (IBE) for XMPP -- your "key" would simply by your Jabber ID. Another approach, which several developers have told me they prefer, is something like the solution outlined in JEP-0116. That JEP proposed a technology called "encrypted sessions" or ESessions, similar to the model of ssh. The good thing about ssh is that it is a successful implementation of what is known as opportunistic cryptography. Even though Dave Smith retracted JEP-0116 and continues to say that it is too complex, I wonder if we could simplify it a bit while also enabling implementations to use existing PGP keys and/or X.509 certs as the credentials (rather than generated DSA/RSA keys). The main objection raised against ESessions is that it does not enable you to send encrypted messages to someone who is not online at the time. Given that the main point of IM is to send messages to people who are online (the feature we call offline message handling is not even offered in consumer IM services), I do wonder if this objection is all that consequential (you can't have everything!). One can always send a message that says "contact me when we're both online" if the other person is offline. Sure, this introduces a possible downgrade attack, but you'd need to hack the other person's presence to make it happen (which strikes me as unlikely though, of course, not impossible). ESessions is not perfect, but IMHO it's pretty good even though it could be simplified. So let's improve and simplify it already!

Peter Saint-Andre > Journal