This just came up, thought it might be of interest https://secure-resumption.com/
xnyhps
Lloyd: That was also mentioned here yesterday. My expectation is that nothing on XMPP is vulnerable as nothing uses TLS resumption.
Lloyd
xnyhps, ahh missed that apologies. Good to hear about the lack of vulnerability though
xnyhps
(Though I don't have much concrete evidence for that…)
Kev
As far as I can tell from the description, this doesn't require the client to not check server certs.
Kev
dwd: Are you sure this is the case?
Kev
Or, at least, it doesn't require as severe as 'verify nothing', I think.
xnyhps
Kev: The image shows the Attacker replaces the cert with its own cert.
Kev
I could easily have misread this. But it seemed to me to be saying that the attacker's website wasn't claiming to be the victim's website.
Kev
I need to work out how I'm going to grab lunch, if I'm going to be travelling across London at lunchtime.
Kev
Need to leave the hotel at 11 to get to the Hilton for 12:30, if TFL is to be believed.
xnyhps
I stand corrected, jabber.org lets you do TLS resumption. Hm.
Kev
Although not client strong-auth.
dwd
Kev, I think that the Attacker would have to pretend to be some site for which the credentials matched, at least.
xnyhps
Attacker has attacker.com, user visits that and it obtains the client-cert from the user and presents it to goodserver.com?
Kev
Maybe I should understand the attack, instead of just reading the decription.
Kev
+s
Kev
I read it as the attacker presenting their own identity.
Kev
And then swapping out to a MITMd session to the victim.
xnyhps
Yeah, I think you're right.
xnyhps
But of course, when you try to attack the channel-binding part of SCRAM-SHA-1-PLUS, you do need valid credentials of the server.
xnyhps
Or the client must have used an identical nodepart and password on your server as on the malicious server.
xnyhps
But if you have that, there's nothing you can win by an attack, you have the password. :)
ralphm
hah
Kev
I guess I need to start thinking about heading into town.
Kev
Right. See folks at precis, I guess.
dwd
Ah, Kitten have just started discussing the TLS MITM stuff.
Zash
Kitten is now?
dwd
Looks like the consensus might be that resumption is a no-no.
dwd
This is on the list.
Zash
ah
dwd
Kitten is Thursday, 1520-1650.
Kev
And that's my first hallway bump-into-someone.
Kev
Who else is here? :)
dwd
I'm just about to hop into the car. I should make the IETF hallway for about 6pm or so if I'm lucky; if not I'll see you at the meetup.
Kev
It's entirely possible I won't be here by 6pm, but we'll see. I'm intending crowd-following once precis/xmpp are done.
Kev
I have my pretty noob-ribbon on :)
dwd
If I'd gone properly, I would have qualified for a noob ribbon, plus a WG Chair dot, which I'd have found amusing.
stpeter
dwd: I don't think you would have been the first
stpeter
although it is rare
stpeter
for what WG are you a chair?
dwd
qresync, now in shutdown-wait.
Kev
I guess I should try to find precis.
Kev
Follow the yellow arrows?
stpeter
I need to find that, too, but I'm still in another meeting
stpeter
ah, it's downstairs
stpeter
3 floors down in the east wing, right off the lobby
stpeter
this hotel has a strange layout
Kev
It's a labyrinth.
Kev
Going hunting, BRB.
Zash
Kev: Did you see the video?
Kev
I haven't watched it yet.
Kev
I saw that there was one.
fippo
hah, another two tls vulnerabilities. I think the tlswg will have fun
fippo
even though those were library issues
ralphm
Zash: was my suggestion clear?
Kev
So, I'm currently sat in the TLS WG session, along with assorted other XMPP people, but I note that this goes on until 6:40. ISTR Lloyd suggesting that we should be at Moz at 6:30.
Zash
Hmm
xnyhps
I thought 7?
ralphm
Kev: Uber can't do time travel. Disappointing
Kev
Upon arrival Surevine will have pizza and beer waiting (around 6:30pm). The latest schedule is posted up on http://lanyrd.com/2014/xmppuk/.
xnyhps
Oh, meetup had 7.
stpeter
do we need to sign up for Uber in order to catch a ride
xnyhps
I think you need to give them your credit card number.
Kev
I would be inclined to just grab the tube, personally, but I have an Oyster card.
Zash
I wanna see the series of tubes :)
stpeter
http://wiki.xmpp.org/web/IETF_89 says "We're planning on holding the XMPP meetup at MozSpace at 101 St. Martin's Lane, starting at 7pm."
stpeter
I'd be happy with the tube
Zash
ralphm: Your suggestion was?
xnyhps
I was planning to take the tube, too.
Kev
It's 20mins by tube, along Bakerloo, I believe.
Kev
https://www.google.com/maps/dir/Hilton+London+Metropole,+225+Edgware+Rd,+London+W2+1JU,+UK/51%C2%B030'37.4%22N+0%C2%B007'37.4%22W/@51.5201367,-0.1530664,13z/data=!4m12!4m11!1m5!1m1!1s0x48761ab4122b2d83:0xfdfeed0b864cbfb0!2m2!1d-0.1694932!2d51.5191439!1m3!2m2!1d-0.1270556!2d51.5103889!3e3
What a lovely URI.
ralphm
Zash: webrtc data channels
Zash
ralphm: Because that's likely to be implemented by clients anyways?
stpeter
ralphm: XTLS (Dirk Meyer's work) could offer a webrtc data channel as one of the transport options
ralphm
Zash: yes, that's my thinking
Zash
stpeter: Which is why it sounded like XTLS to me
stpeter nods to Zash
ralphm
stpeter: yes, but I want to do away with IBB entirely
Zash
ralphm: Does XTLS say you have to use IBB?
stpeter
ralphm: so XTLS but MUST NOT offer IBB?
Zash
I don't see the need, really. Jingle lets you negotiate transport.
Zash
But what are the security bits you want to solve?
ralphm
Zash: well, sure, but my personal opinion is that IBB is horrible and don't want to have people need to implement it
stpeter
webrtc data channels seem convenient, for sure
ralphm
Zash: I think having out-of-band XML Streams for e2e are easier to implement
Ge0rG
I like IBB because it allows to leverage a trusted server for end-to-end file exchange
ralphm
Ge0rG: I don't see how that is better than negotiating an out-of-band connection with the server, over Jingle.
Ge0rG
besides, aren't XTLS and WebRTC data channels solving the same problem?
stpeter
Ge0rG: no
stpeter
Ge0rG: XTLS is end-to-end encryption - data channels would be one end-to-end transport over which we could negotiate end-to-end TLS
Zash
ralphm: Having IBB be MTI for E2E does indeed seem problematic. I think someone mentioned that you'd basically have to open a loopback connection to yourself, tunnel it over IBB and then starttls on that
Zash
Unless there are better tls libs that I've not seen
Ge0rG
stpeter: but webrtc has dtls for end-to-end encryption, right?
ralphm
stpeter: I'm not suggesting using any of webrtc per se, just the same p2p transport for the actual bits, with sctp/rtp/dtls and all that, as you would negotiate webrtc data channels
fippo
stpeter: we do negotiate end-to-end (d)tls with webrtc data channels. but the exchange of fingerprints is not protected.
xnyhps
Zash: Wat? Aren't most TLS libraries separated from network libraries?
Zash
xnyhps: Not really looked further than LuaSec
stpeter
ralphm: ah, thanks for the clarification
ralphm
XTLS says:
ralphm
More complex scenarios are theoretically supported (e.g., encrypted
file transfer using SOCKS5 bytestreams and encrypted voice chat using
DTLS-SRTP) but have not yet been fully defined.
XTLS theoretically can be used to establish a TLS-encrypted streaming
transport or a DTLS-encrypted datagram transport, but integration
with DTLS [DTLS] has not yet been prototyped so use with streaming
transports is the more stable scenario.
ralphm
So I'm saying we go the next step and actually prototype that thing mentioned, with the same tech as used for webrtc data channels.
ralphm
I think this makes people's lives slightly better and allows us to piggyback on that work.
Ge0rG
how is dtls security handled in webrtc?
Zash
Ge0rG: AFAIK, you send a fingerprint through the SDP blob via your whatever server.