[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [JDEV] Security (was: anonymous users)




> Anonymous users are a good idea, as long as they are identified as such,
> but deciding that we don't need any security apart from client-client
> and a simple textual password is a rather limited vision I think.
> The framework for building a secure system must be there, even if
> many transports are not secure.

With the way it works right now, I think the framework is already there to
overlay security w/o really changing the functionality underneath... but
if it can be added w/o overcomplicating things or limiting functionality,
I'm all for it!

> For example, we could assign transport security levels, ranging from
> fully authenticated and encrypted, through encrypted authentication
> but plaintext transmitted, to plaintext authenticated, and
> finally unauthenticated.
> A server should alter the security level of a message based on the
> authentication level and its trust of the transmitting client or server.

Wouldn't that require integrating some sort of encryption/decryption
engine everywhere?  Since things can be plugged in anywhere and
transported/relayed through various processes, the "secure" transport will
have to pass through many "insecure" layers before reaching a "secure"
Jabber transport or client... 

There is no reason that a "secure" server couldn't be written that uses
encryption everywhere, for all securly connected users and trusted
transports...  this would actually be a very good thing for those that
want the best in security! 

> At the very least I want to make it very hard for people to pretend
> to be me without having to go the public/private key path. This
> includes faking presence.

I honestly don't see how that is possible in any way w/o a public/private
key structure.  Sure, there are a good deal of things that can be done to
make it very difficult to do this, but ultimately the only thing I know of
that will guarantee this is keys.

> This is a good point.  I have a system which progessively gives a user
> worse performance if they abuse the system. A good principle is to have
> a user's performance behave twice as bad than if everybody was doing the
> same as they were. I do this by introducing artificial delays to responses
> once their "load average" reaches a certain level.

Hmm... I like this idea... the more you abuse, the less you use :)

To be honest, I'll be quite happy when Jabber attains the popularity where
"abuse" issues become a problem.  Anonymous users are identified by the
scoket they are using, and the server can be programmed with reasonable
restriction to help curb abuse when it starts becoming a problem(or before
when we can better identify the ways this can happen and it's under
heavier use/testing by us).

Jer