[Pidgin] EndToEndXMPPCrypto modified

Pidgin trac at pidgin.im
Sat Jan 25 22:53:00 EST 2014


Page "EndToEndXMPPCrypto" was changed by elb
Diff URL: <https://developer.pidgin.im/wiki/EndToEndXMPPCrypto?action=diff&version=8>
Revision 8
Changes:
-------8<------8<------8<------8<------8<------8<------8<------8<--------
Index: EndToEndXMPPCrypto
=========================================================================
--- EndToEndXMPPCrypto (version: 7)
+++ EndToEndXMPPCrypto (version: 8)
@@ -30,6 +30,10 @@
  * '''A plurality of key authentication mechanisms.'''  The public key exchange mechanism should allow for multiple disparate authentication methods to be communicated.  For example, an S/MIME signature using a PKI x.509 certificate and a GPG signature of the same key material might be provided, along side whatever native signing protocol is used.  These authentication mechanisms should be readily extensible and have enough structure that useful mechanisms can be clearly defined.  Note that the client itself need not handle mechanisms it does not understand, but mechanisms should be designed such that the client can present the information to the user in a form that lends itself to validation -- ''e.g.'', a GPG signature might simply be presented as an ASCII armored text block.
  * '''Opportunistic encryption.'''  Indication of encryption and authentication capabilities should be provided in some way to clients who are not on our roster or who do not have us in their roster, so that encryption may be used opportunistically.  This should include a way to exchange keys and key authentication materials.  Some sort of access control may be required to prevent automated exchanges from becoming a DoS or privacy attack vector.
 
+== Other Considerations ==
+
+It may be desirable to design the protocol such that the primary key material can be managed through an interface like that provided by {{{ssh-agent}}}.  (Not {{{ssh-agent}}} itself, as I believe it handles only signatures.)  IM clients are large and complicated applications with fairly large network-exposed surfaces; protecting the primary key material itself provides some defense against exploits in the client.
+
 == Relevant Protocols ==
 
  * '''OTR:''' https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html
-------8<------8<------8<------8<------8<------8<------8<------8<--------

--
Page URL: <https://developer.pidgin.im/wiki/EndToEndXMPPCrypto>
Pidgin <https://pidgin.im>
Pidgin

This is an automated message. Someone added your email address to be
notified of changes on 'EndToEndXMPPCrypto' page.
If it was not you, please report to datallah at pidgin.im.


More information about the Wikiedit mailing list