Some login/sasl questions for 0.11
2007-02-04 12:22:39
I asked these on the MUC, but remko wanted the discussion to be here.

1) do we want double encryption (TLS and SASL based at the same time)?
    we currently do double encryption, but i think it's not a great idea.
    i think changing psi to not double encrypt would be easy. I can
    try to write a patch for that *if* that's what should be done.

2) does auth-int (that is SASL based connection integrity support
   (aka signing stuff sent over the wire)) still show up the same
   as encrypted connections? If so, is that ok?
    I guess this needs testing. Matthias Wimmer mentioned this
    when we debugged psi+cyrus and jabberd1.6 interop

3) do we want to have an allow plaintext login over encrypted streams
   option? (or change current allow plaintext to mean that).

     some start of a discussion at
     http://chatlogs.jabber.ru/psi%40conference.jabber.ru/2007/02/04.html#20:55:18
     I think a
     Allow Plaintext: [Over encrypted session | Always | Never]
     would be best. But maybe we just don't need this.

- Martin
_______________________________________________
psi-devel mailing list
psi-devel@lists.affinix.com
http://lists.affinix.com/listinfo.cgi/psi-devel-affinix.com

Re: Some login/sasl questions for 0.11
2007-02-04 14:19:36
textshell wrote:

> 3) do we want to have an allow plaintext login over encrypted streams
>    option? (or change current allow plaintext to mean that).
>      some start of a discussion at
>      http://chatlogs.jabber.ru/psi%40conference.jabber.ru/2007/02/04.html#20:55:18
>      I think a
>      Allow Plaintext: [Over encrypted session | Always | Never]
>      would be best. But maybe we just don't need this.

I think we cannot disallow users from using plaintext login - some servers
require it (simplest example: Google Talk - it requires STARTTLS and
plaintext). However, we should warn the user if he/she selects plaintext but
no encryption.


-- 
Michał Jazłowiecki (michalj)
Psi Forum & Wiki Moderator :: Psi-Daisy Author


Re: Some login/sasl questions for 0.11
2007-02-04 15:02:40
> I think we cannot disallow users from using plaintext login

That was never the intention. The question was whether we should make
a distinction between allowing plaintext over encrypted and over
non-encrypted streams, in order to give the user more control over his
security. Now, it's all or nothing (unless you force SSL).

cheers,
Remko

Re: auth-int encryption status patch
2007-02-04 19:18:48
On Mon, Feb 05, 2007 at 01:41:57AM +0100, Matthias Wimmer wrote:
> Hi Remko!
> 
> Matthias Wimmer schrieb:
> > ... I'll later check again if the lock icon is still locked for only
> > integrity-protected connections.
> 
> I've just rechecked. Test environment:
> 
> psi-dev-snapshot-2007-02-04 using Cyrus SASL, OS: Linux
> 
> Established connection to my server using no TLS (disabled at the
> server) and DIGEST-MD5 in auth-int mode (disabled auth-conf by setting
> max_ssf to 1 at the server).
> 
> Result:
> 
> Lock is shown as closed, so that a user might expect that the
> connection is encrypted and cannot be read by someone having access to
> the network.
> 
> I think as a first solution the lock should be shown as open in case
> the connection is only integrity protected (i.e. Cyrus returns a
> security strength factor of "1"). But for the long term it might be good
> to have a third symbol indicating a connection is integrity protected
> but not encrypted.

Thanks for checking this. I implemented a patch that should
implement
the first solution. It's only compile tested but pretty
trivial.

 - Martin
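As an added example (not code from Psi or from anyone in this thread), here is a small Python model of the two decisions the thread discusses: the three-way "Allow Plaintext" option from Martin's third question, and the lock-icon state that Matthias's auth-int test showed to be wrong. It assumes the Cyrus SASL SSF convention (0 = none, 1 = integrity only, >1 = cipher strength in bits); the mechanism preference order in choose_mechanism() is constructed for the example, not Psi's.

```python
from enum import Enum

# SSF convention from Cyrus SASL: 0 = no protection, 1 = integrity only
# (auth-int), >1 = key strength in bits of the confidentiality layer
# (auth-conf).  Martin's item 2 and Matthias's test both hinge on ssf == 1.

class LockState(Enum):
    OPEN = "open"                      # neither confidentiality nor integrity
    INTEGRITY_ONLY = "integrity-only"  # auth-int without TLS: the "third symbol"
    CLOSED = "closed"                  # TLS, or a SASL confidentiality layer

class PlaintextPolicy(Enum):           # the three-way option from item 3
    NEVER = "never"
    OVER_ENCRYPTED = "over encrypted session"
    ALWAYS = "always"

def lock_state(tls_active: bool, sasl_ssf: int) -> LockState:
    """Lock icon from TLS state and the SASL security strength factor.
    TLS alone is enough for CLOSED; without TLS, only ssf > 1 counts as
    encryption, so an integrity-only session is no longer shown as closed."""
    if sasl_ssf < 0:
        raise ValueError("SSF must be non-negative")
    if tls_active or sasl_ssf > 1:
        return LockState.CLOSED
    if sasl_ssf == 1:
        return LockState.INTEGRITY_ONLY  # the case the 2007-02-04 snapshot got wrong
    return LockState.OPEN

def plaintext_allowed(policy: PlaintextPolicy, tls_active: bool) -> bool:
    """May a PLAIN (cleartext password) login proceed under this policy?"""
    if policy is PlaintextPolicy.ALWAYS:
        return True
    if policy is PlaintextPolicy.OVER_ENCRYPTED:
        return tls_active
    return False

def choose_mechanism(offered, policy: PlaintextPolicy, tls_active: bool):
    """Pick a SASL mechanism from the server's offer (constructed preference
    order).  PLAIN is a last resort, taken only when the policy permits it;
    None means the client should refuse to log in."""
    for mech in ("DIGEST-MD5", "CRAM-MD5"):
        if mech in offered:
            return mech
    if "PLAIN" in offered and plaintext_allowed(policy, tls_active):
        return "PLAIN"
    return None
```

With the "over encrypted session" setting, a server that offers only PLAIN after STARTTLS (the Google Talk case Michał mentions) still logs in, while the same offer on an unencrypted stream is refused.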

  