XMPP Service Operators - 2020-08-31

  1. tom

    Can we get rid of passwords already and use public key authentication?

  2. jonas’

    I’d be all in, if we hide it from the users :)

  3. kikuchiyo

    Wouldn't that require client devs to integrate authentication agents and users to remember longer passphrases?

  4. jonas’

    kikuchiyo, no, why? tie the private key to the device.

  5. jonas’

    passphrase optional.

  6. jonas’

    on mobile OSes, that would be reasonably secure, since apps can’t read each other’s storage

  7. jonas’

    (or you can even put it in the OSes secret vault)

  8. jonas’

    breaks down on standard desktop OSes of course, but who uses those anyways.

  9. kikuchiyo

    Ok, what does this mean for multiple or lost devices?

  10. jonas’

    different private key for each device, obviously

  11. jonas’

    because of that, you can revoke access for lost devices easly

  12. jonas’

    if you lost all devices, you’ll need an out-of-band recovery mechanism, just as if you lost your password

  13. tom

    I strongly disagree

  14. tom

    You have strong crypto auth

  15. tom

    And then you add a backdoor

  16. tom

    It's up to the user not to have a backup key hidden somewhere

  17. jonas’

    of course

  18. jonas’

    because user’s are good at that!

  19. tom

    And in worst case they don't, they could go to their hosting provider showing physical ID and having someone who knews them add in a new key

  20. jonas’

    which is *exactly* the kind of out-of-band recovery mechanism I’m talking about?

  21. jonas’

    what’s your problem then?

  22. tom

    I thought you meant automated

  23. tom

    » just as if you lost your password

  24. jonas’

    of course automated for any non-terrible-UX service

  25. tom

    Strongly disagree

  26. jonas’

    for terrible-UX-but-high-security services you’d not do that automated obviously.

  27. tom

    I'm really tired of having to use software design for morons

  28. jonas’

    sorry to hear

  29. tom

    I know what it means to use unbreakable crypto when i turn it on

  30. tom

    A lot of companies like to assume their users are stupid and add all kinds of backdoors into the crypto

  31. tom

    Calling them recovery

  32. tom

    So like you have 2fa, but you can guess someone's pet name or look up their mother's name

  33. tom

    And bypass the security

  34. tom

    I can auth to IRC servers with a client certificate

  35. tom

    Shouldn't that be possible with XMPP as well?

  36. tom

    Instead of having to remember passwords

  37. tom

    Keeping a bunch of passwords in a database

  38. tom

    Take wireguard for example of doing authentication right and and making simple

  39. tom


  40. jonas’

    wireguard is too simple for some use-cases though

  41. jonas’

    anything road-warrior-corporate-type for example.

  42. tom

    I use it on my laptop

  43. tom

    It's perfectly adequete

  44. kikuchiyo

    > different private key for each device, obviously New devices would need to be cross signed from an already known device, yes?

  45. pep.

    > jonas’> because of that, you can revoke access for lost devices easly Because of that, you can race to revoke access for lost devices easily. FTFY

  46. jonas’


  47. pep.

    Since the lost device would probably have the same authz

  48. jonas’

    kikuchiyo, "signed", or simply one-time authenticated with a "device invite" link

  49. jonas’

    pep., removing devices could require a second factor

  50. pep.

    And you probably just lost it :/

  51. Martin

    Andotp on the lost mobile 😁

  52. pep.

    Revocation is annoying

  53. kikuchiyo

    > kikuchiyo, "signed", or simply one-time authenticated with a "device invite" link One-time authentication leads to a race of one-time revokation. How about not revoking a device, but revoking the compromised identity?

  54. pep.

    You don't get rid of the race do you

  55. kikuchiyo

    pep.: Since there is no continuity, you would need to reestablish trust for a new one.

  56. pep.

    That also means at any time, somebody (with the right authz, e.g., stolen device) can revoke your perfectly valid identities

  57. pep.

    (and 2FA on the stolen mobile device, because that's how things work nowadays :p)

  58. kikuchiyo

    Which comes down to meeting in real life or using 2fa.

  59. pep.

    meeting in real life with whom?

  60. pep.

    The server operator?

  61. pep.

    (I haven't read the past few days of logs)

  62. kikuchiyo

    Those to whom you want to communicate with.

  63. pep.

    Assuming you can also still login first

  64. pep.

    Password is unchanged, etc.

  65. kikuchiyo

    > Assuming you can also still login first No, assuming that the other party knows you in person and can verify that in real life. The underlying philosophical problem is: _What is identity_ One answer to that could be: A common history.

  66. pep.

    I meant, you might not have access to your account anymore

  67. pep.

    In this case surely you can create a new account/identity and get this one acked

  68. pep.

    Unless you manage to convince the operator that it's your account

  69. kikuchiyo

    pep.: Yes a comprised account is a compromised virtual identity. So there is nothing left than to refer to a second identity, e.g. the real life identity, to establish new trust.

  70. kikuchiyo

    You just need to make sure that the old identity gets revoked completely.

  71. pep.

    And I'm saying that's the hard part. First if you don't control the account anymore, either you need to regain control of it through the operator, or you need to go through all your contacts and revoke it out-of-band (by meeting IRL)

  72. pep.

    You don't "just" revoke an identity

  73. Maranda


  74. pep.

    What is it Maranda, your hand smells nice? :P

  75. Maranda

    They smell of disinfectant like everyone's, if they're good childs that is pep.

  76. kikuchiyo

    pep.: I know this is not the usual way of thinking about revokation. > you need to go through all your contacts and revoke it out-of-band (by meeting IRL) Or by enabling whomever has gained control over the old identity (including yourself) to destroy it and all of the attached keys, but not to initiate a new one without meeting IRL or 2fa.

  77. pep.

    Yes and that person in control of your old identity might have no interest in destroying it :p

  78. pep.

    (or it might be exactly their goal: DoS)

  79. kikuchiyo

    pep.: One person in control has to be able to hit the kill switch for the identity - that would be you. If the attacker does that he looses control. This is a like a remote mechanism to dye stolen money.

  80. pep.

    Well "Availability" is also part of CIA

  81. Martin

    Anyone from anonym.im here,

  82. Martin

    Anyone from anonym.im here?