one small voice

stpeter's blog on jabber, technology, history, philosophy, et alia


2005-02-28

e2e Redux

Breaking the logjam?

We really need to move forward with a workable solution for end-to-end encryption in Jabber/XMPP ("e2e" for short). The existing technologies and proposals include:

  • old-style message encryption using PGP/GPG keys (JEP-0027) -- this has been widely deployed since 1999/2000 but has a few weaknesses that could be addressed
  • a proposal for encrypted sessions (JEP-0116) -- since retracted, so probably a non-starter
  • xmpp-e2e (RFC 3923) -- produced by the IETF's XMPP Working Group, but no one has implemented it yet, in large measure because it is just not very Jabber-ish and requires inclusion of a CPIM parser (of which there are none)
  • other proto-proposals floating around out there (such as secure stanzas) -- well, they're proto-proposals and have not been seriously discussed as yet

While I was chatting earlier today with Perry Metzger, he indicated his preference for something nice and simple along the lines of JEP-0027 (a sentiment echoed by Ian Grigg). Perry thinks the biggest failing of JEP-0027 is that it's not exactly easy to find the other person's key. But it seems that we have at least three ways to discover another person's public key over XMPP (not counting things like parking keys at HTTP URIs):

  1. Put the key in the user's vCard -- RFC 2426 has a KEY field, and this is inherited by JEP-0054. Pro: it's darn simple and straightforward, since most servers already support vcard-temp storage and retrieval. Con: we're trying to move away from the vcard-temp protocol.
  2. Publish the key to a well-known service discovery node using the "disco publish" protocol defined in JEP-0030. Pro: almost as simple as vcard-temp and more sustainable long-term if (as planned) we move away from vcard-temp. Con: not every server implementation supports disco publish yet, though they really ought to.
  3. Publish the key to a publish-subscribe node as defined in JEP-0060 so that subscribers can be informed whenever the key changes. Pro: good notification of key changes. Con: publish-subscribe services are not widespread yet and neither is client support.

Seems to me that option #2 is preferable, although option #1 is a possibility for fast deployment (migrating vCard data to a new format is a separate problem, which we will tackle once we define that format; in the meantime, why not use vcard-temp?).

Now, another failing with JEP-0027 is that it enables two things only: signed presence and encrypted message bodies. You can't use it to encrypt presence, encrypt IQs, or encrypt a complete message stanza (only the body). This is sub-optimal for a complete solution. However, it seems that we could update and obsolete JEP-0027 (new JEP, new namespace) with a proposal that encrypts the entire stanza, not just the message body, and that enables signing as well as encryption. The result would be a protocol that enables signing and encryption of complete XML stanzas (à la RFC 3923) but that retains the simplicity of JEP-0027 and does not depend on inclusion of a CPIM parser. In essence this would be an incremental improvement over the current JEP-0027 protocol (which has worked well since 1999 or early 2000) and thus would be consistent with The Law of Standards.

What else could be improved in JEP-0027? The Security Considerations and Other Known Issues sections list the following concerns:

  • "Key exchange relies on the web of trust model used on the OpenPGP keys network." -- I am not sure that this is a failing (see SSL considered harmful), and we could build stronger webs of trust via Jabber/XMPP (e.g., by using roster entries as proxies for trust webs).
  • "There is no mechanism for checking a fingerprint or ownership of a key other than checking the user IDs on a key." -- See above on trust webs (e.g., I could ping someone else in my roster and see if he has the same fingerprint on file).
  • "When the recipient is not mentioned in the encrypted body, replay attacks are possible on messages." -- We can solve this by always encrypting the complete stanza, not the character data of the message body.
  • "Replay of the signed status is possible." -- But we could encrypt presence as well if need be.
  • "It relies on signing or encryption of XML character data; therefore, it does not support signing or encryption of stanzas, and it allows signing of the presence element and encryption of the message element only. Thus the method is not acceptable when signing or encryption of full stanzas is required." -- Already addressed by encrypting complete stanzas.
  • "It does not enable both signing and encryption of a stanza, only signing of the presence status and encryption of the message body." -- This would be fixed in JEP27+ by specifying the order of encrypting and signing; e.g., as per section 6.5 of RFC 3923, I think we'd say that "if a stanza is both signed and encrypted, it SHOULD be signed first, then encrypted."
  • "It is limited to PGP keys and does not support X.509 certificates, Kerberos, RSA keys, etc." -- I'm not sure this is really a failing, since a smart Jabber client could generate PGP keys for users and thus hide the hard parts of generating and revoking keys.
  • "It does not include feature negotiation; instead, signed presence is used as an indicator of support. Because of the lack of negotiation it is possible for encrypted elements to be stored offline and then read by a client that cannot support them." -- We could write up a lightweight session negotiation format on top of JEP-0020 (or JEP-0095) in order to negotiate the use of encryption between two entities. Or a smart Jabber client could refuse to send encrypted messages to a contact for which it doesn't have a key on file (see above on key discovery).
  • "It is verbose (the example encrypted is "Hi")." -- Life is hard. You want encryption, you gotta pay the price. There's always stream compression if you're really concerned about stanza sizes. And if you hit karma limits on a public Jabber server, you can always run your own server.
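The replay and full-stanza items in the list above, as an added example (not code from JEP-0027 or RFC 3923): a receiver-side check showing why protecting only the body leaves the addressing unbound. HMAC-SHA256 with a constructed key stands in for the OpenPGP operation, and the `payload` element, the `tag` attribute and the seen-id cache are assumptions of this sketch.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo key. HMAC-SHA256 is a stand-in for the OpenPGP
# sign/encrypt step so the example runs with the standard library only.
DEMO_KEY = b"constructed-demo-key"


def protect(data: bytes) -> str:
    """Stand-in for the OpenPGP operation: returns a tag over `data`."""
    return hmac.new(DEMO_KEY, data, hashlib.sha256).hexdigest()


def _envelope(to, frm, msg_id, protected: bytes) -> ET.Element:
    """Outer routing stanza carrying a protected payload (hypothetical format)."""
    outer = ET.Element("message", {"to": to, "from": frm, "id": msg_id})
    payload = ET.SubElement(outer, "payload", {"tag": protect(protected)})
    payload.text = protected.decode()
    return outer


def wrap_body_only(to, frm, msg_id, body) -> ET.Element:
    """JEP-0027 style: only the body's character data is protected."""
    return _envelope(to, frm, msg_id, body.encode())


def wrap_full_stanza(to, frm, msg_id, body) -> ET.Element:
    """Proposed style: the complete stanza, addressing included, is protected."""
    inner = ET.Element("message", {"to": to, "from": frm, "id": msg_id})
    ET.SubElement(inner, "body").text = body
    return _envelope(to, frm, msg_id, ET.tostring(inner))


def with_outer(outer: ET.Element, attrs: dict) -> ET.Element:
    """Copy of a stanza whose unprotected outer attributes were changed in transit."""
    changed = copy.deepcopy(outer)
    changed.attrib.update(attrs)
    return changed


def accept_body_only(outer: ET.Element) -> bool:
    """All the receiver can verify is the body; to/from/id are not covered."""
    payload = outer.find("payload")
    return hmac.compare_digest(payload.get("tag"), protect(payload.text.encode()))


def accept_full_stanza(outer: ET.Element, seen_ids: set) -> bool:
    payload = outer.find("payload")
    raw = payload.text.encode()
    if not hmac.compare_digest(payload.get("tag"), protect(raw)):
        return False
    inner = ET.fromstring(raw)  # parsed only after the tag has been verified
    # The outer routing attributes must match what the sender protected.
    if any(inner.get(a) != outer.get(a) for a in ("to", "from", "id")):
        return False
    key = (inner.get("from"), inner.get("id"))
    if key in seen_ids:  # same protected stanza delivered twice
        return False
    seen_ids.add(key)
    return True
```
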

In sum, I think a new and improved version of JEP-0027 is the best path forward for end-to-end encryption in Jabber/XMPP.

Let the flames begin!

Posted on 2005-02-28 at 16:24. File under jabber.


Old Friends

From ARS to Nav3D.

Over lunch with pgm I mentioned my old friend Andy Barrows, with whom I studied at the long-defunct American Renaissance School before he went off to MIT and then Stanford (that's him on the left in this image of some flight testing over Alaska). Now it seems that Andy is CEO of Nav3D, a company that produces synthetic vision systems which integrate GPS data with 3D graphics, thus enabling people (e.g., pilots) to visualize scenes in real time. Kinda cool.

Posted on 2005-02-28 at 14:23. File under personal.


2005-02-25

JJ #21

The latest Jabber Journal.

Jabber Journal #21 is now available. Enjoy!

Posted on 2005-02-25 at 17:17. File under jabber.


Identity Blogs

Mapping the identity space.

For various reasons, I've gotten interested in the topic of digital identity. For my own future reference if nothing else, here's a list of weblogs of interest in the identity space:

And of course there's the Technorati identity page, which yields interesting entries like this one on distributed authentication.

Posted on 2005-02-25 at 14:41. File under identity.


Core

A peek into Jabber history.

Heh, in keeping with the Jer philosophy of keeping everything, pgmillard just put online all the old files that used to be located at core.jabber.org (betcha didn't even know that site existed!). Quite a trip down memory lane -- just don't take anything there too seriously as a definition of Jabber protocols, OK? (Note: some protocols were more successful than others. ;-)

Posted on 2005-02-25 at 14:15. File under jabber.


2005-02-23

Ghosts

Living without ID.

Claire Wolfe is thinking about ditching her truck. Normally not a big deal -- except she's considering it so that she won't have to register a vehicle, since (apropos of recent talk about a national ID system) that requires her to maintain a "tie" to "the system" (i.e., being entered in some large government database somewhere). That got me to thinking: what would it be like to live with no government-issued ID of any kind? No Social Security Number, no driver's license, no nothin'. Presumably it would be difficult or impossible to do lots of things that "normal" folks take for granted: buying houses, using credit cards, flying on commercial airplanes, and so on. From the perspective of mainstream America, you'd be a ghost. Probably a fair number of people already live like that, for one reason or another. But one thing's for sure: if I were to do that, I wouldn't hole up in the boonies as Claire seems to do (how do you get to your cabin in the woods without a vehicle?) -- instead I'd head straight for New York City. There can be great freedom in the anonymity of a big city.

Posted on 2005-02-23 at 20:49. File under society.


XTech Redux

Amsterdam Bound?

Edd Dumbill has announced that the program for XTech 2005 is now available, and it seems that my proposal was accepted. Now I need to figure out if I'll be able to travel to Amsterdam for the conference.

Posted on 2005-02-23 at 20:43. File under jabber.


2005-02-10

Stephenson @ Reason

An interview of interest.

I'm not a huge fan of Neal Stephenson (mostly because I don't read many novels), but this interview with him in Reason Magazine is a good read.

Posted on 2005-02-10 at 14:04. File under literature.


Social Circles

Visualizing discussion list communities.

Last week, Stowe Boyd linked to a cool application called Social Circles, which enables you to graph out the relationships between people on discussion lists based on how often they post, who replies to whom, etc. Unfortunately I don't see an easy way to feed in an existing list archive, but I've contacted Marcos Weskamp about that since it would be fun to graph out a long-running list like JDEV. It'd also be interesting to graph the list over time, since contributors come and go over the years.

Posted on 2005-02-10 at 13:57. File under technology.


2005-02-08

Urban Haiku

Some lost poems.

When experimenting with document publishing as I have been recently, the works I usually play with are my poems, specifically the collection entitled Ancient Fire. To my surprise, I discovered that back in 2003 I somehow accidentally deleted my "Urban Haiku", which I've just restored using the magic of the Wayback Machine. Enjoy!

Posted on 2005-02-08 at 07:39. File under literature.


2005-02-07

Anglosphere Update

Blogs, wikis, and objectivity.

Recently I've found the following articles of interest regarding the Anglosphere:

The blog entry by Scottish SF writer Ken MacLeod is especially revealing. MacLeod is no friend of "conservatives" (he's something of a left-libertarian, I guess you'd say), yet here are his thoughts on the prospect of Scottish independence:

There used to be a Scottish nationalist T-shirt slogan: 'England is foreign to me.' For myself, I'd prefer to be a true commonwealth's man. I refuse any politics that would make me a foreigner in England. I love England, I believe in England, I believe in the principles of the English Revolution: a revolution that Scotland started, and that in the ruins of Dunkeld, Scotland saved; that became America; and that a wider world will yet complete.

Meanwhile I checked out the Wikipedia page on the Anglosphere, which I find to be quite muddled both conceptually and organizationally. Rather than clearly describing the concept of the Anglosphere with reference to Jim Bennett's book and related historical research, and then discussing the evidence and arguments for and against the concept in a dispassionate and objective manner, the page launches into a discussion of "proponents and critics" (proponents and critics of what? it's not clear, since the term is undefined). Worse, the page plays the racist card by asserting that the Anglosphere is "an obvious and divisive application of ethnocentrism to diplomacy". First of all, nothing is obvious, and all claims must be backed by evidence. Yet if one reads Bennett's book, one knows that he is very careful to define the Anglosphere not as a racial or ethnic phenomenon but as a cultural concept founded on the distinctive history of England and of countries downstream from England. As Bennett explains, the Anglosphere is best described as a loose network of nations that partake of the English heritage of common (rather than Roman) law, individualism, scientific inquiry, a market economy, a strong civil society, industrialism, and the like. Even Marx and Engels knew that these features were characteristic of English society before they emerged in other nations. The distinctive features of Anglospheric culture have been clearly and extensively delineated by older writers such as Montesquieu, Adam Smith, and Alexis de Tocqueville (two Frenchmen and a Scot, not jingoistic Anglo-Saxons), as well as by modern scholars such as Alan Macfarlane and David Hackett Fischer.

Finally, the Wikipedia page doesn't even get basic facts right: until today (when I made a change), it described James C. Bennett (author of The Anglosphere Challenge) as a journalist. Now, it is true that after many years as an entrepreneur and executive in the aerospace, Internet, and nanotechnology industries, Bennett was invited to write an occasional column for UPI, called "The Anglosphere Beat". But the fact that Bennett wrote a syndicated column for a while no more makes him a journalist than it makes Paul Krugman a journalist or Michael Jordan a baseball player (yes, Jordan once played baseball, but a few seasons in the minors does not a baseball player make, especially when Jordan spent many more years focused on basketball). Yet even this seemingly innocuous change to the page provoked controversy and opposition. If this be the state of Wikipedia and Wikipedians, I am not hopeful for the future of the service.

Posted on 2005-02-07 at 20:20. File under society.


Restless Exploration

Thoughts from recent retirees.

Two well-known commentators retired recently. The first was a traditional journalist: William Safire of the New York Times. The second was one of the most prominent bloggers: Andrew Sullivan. In one of his farewell columns (temporarily here, but you know that NYT policy of quickly archiving things), Safire quoted James Watson (co-discoverer of the biological double helix) and Bruce Barton (an old-school advertising executive) as follows:

"Never retire. Your brain needs exercise or it will atrophy."

"When you're through changing, you're through."

For his part, Andrew Sullivan provided the following words of wisdom in his farewell blog entry:

I've always thought it's a good idea to quit something after around five years or so. Before it becomes a chore. Before you become numb.

Combine these sentiments and the result is a career philosophy that encourages one to endlessly and restlessly explore new opportunities, not rest on one's laurels. Personally I've always experienced that five-year itch -- it's one reason I didn't get a Ph.D. (I'd burned out on higher education after 4 years of college), why I moved into web application development in 1996, and why I got heavily involved with Jabber in 2000. Astute readers will note that I've devoted the last five years of my life to Jabber. Whether I will stay true to form regarding the five-year itch remains to be seen. ;-)

Posted on 2005-02-07 at 19:43. File under personal.


Broccoli Ice Cream

Binary XMPP?

OK, this is, I think, ill-advised. Compression of XMPP by means of binary XML?

"You got your binary in my XMPP!"

"You got your XMPP in my binary!"

However, unlike peanut butter and chocolate, these are two great tastes that go horribly together. Something like, say, broccoli ice cream. Ick.

Furthermore, this document is full of misunderstandings about the nature of XMPP -- the kinds of traffic it carries, the ability to scale XML streaming, and the like. I'll have to straighten some folks out on this score, because I sense a solution in search of a problem here....

Posted on 2005-02-07 at 17:13. File under jabber.


Aslan Shrugged

C.S. Lewis meets Ayn Rand.

For fans of both Atlas Shrugged and the Narnian Chronicles, Aslan Shrugged is way cool. As someone said in the comments:

"You got your Narnia in my Objectivism!"

"You got your Objectivism in my Narnia!"

Two great tastes that go great together! (Thanks to Ken MacLeod for the pointer; and let's not forget that classic comic book Elvis Shrugged!)

Posted on 2005-02-07 at 16:13. File under literature.


FEE FI -FO FUD

From XML to print...

It's been almost three years since I last played around with XSL Formatting Objects (a.k.a. XSL-FO) and other technologies for going from XML to PDF. Thanks to an article by Håkon Wium Lie and Michael Day, I recently got interested again, so I started looking into available software, on the assumption that surely the Apache FOP project had come a long way since the spring of 2002. Not! It seems that the FOP code I used in those days was shunted off into maintenance mode back on October 22, 2001, in preference for the more modern development branch. The development branch promises a total re-write, awesome architecture, and so on. Unfortunately, no code has yet emerged, which has resulted in several forks of the maintenance branch, including FOray and Folio (there's also a separate implementation written in C, but it does not appear to be far along yet). There are a few commercial XSL-FO rendering engines (such as RenderX and XSL Formatter), which produce more accurate output, but they cost money. XML + CSS is a possible solution (as touted in the article), but there's only one open-source rendering engine. Wow, this is even worse than the much-lamented state of the Jabber community, methinks! (Not that it's bad for there to exist multiple, competing projects.) Now, I grant you that generating typesetting-quality layout is hard work (harder, I'm sure, than building real-time XML streaming servers), but after three years I was hoping for more progress. I guess I need to help out by writing some test cases or filing some bug reports and feature requests.

Update: Joe has cued me in to ReportLab. Who needs XSLT when you can soak in the goodness of Python? ;-)

Posted on 2005-02-07 at 14:11. File under technology.


IDN-O-Matic

More on the phishing exploit.

In commenting on the IDN phishing exploit, Joe Hildebrand says that the substitution of Cyrillic а for Latin a violates one of his fundamental assumptions about stringprep, namely "that two codepoints that look alike will normalize to the same bytes". Peter Millard and I were chatting about it over lunch, and I think Peter's right that the browsers are doing the right thing in rendering the Cyrillic а character (all except Internet Explorer, which doesn't support internationalized domain names at all), but that they should probably warn the user if a domain name contains one or more glyphs that are outside the user's default character set. Consider the following domain name:

ᎫᎪᏴᏴᎬᏒ.org

If you have Cherokee fonts installed, that should look an awful lot like this:

JABBER.org

But it ain't. ;-) Now, probably not that many people have Cherokee fonts installed, but they might have Cyrillic fonts installed (or some default Unicode glyph renderer). What's violating Joe's sense of Unicode rightness is that St. Cyril borrowed characters from the Latin alphabet while constructing the Cyrillic alphabet (in fact he did the same thing with Greek characters -- compare Cyrillic Ф against Greek ϕ). But is it accurate to say that Cyrillic а should properly decompose to Latin a or that Cyrillic Ф should decompose to Greek ϕ? That's not obvious to me, so I am not convinced that this is a Unicode bug.
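One way to implement the warning suggested above, as an added example (not code from any browser or from the original post): it flags domain labels whose letters fall outside the user's expected scripts or mix scripts, and shows that NFKC normalization does not fold Cyrillic а into Latin a. Taking the script from the first word of the Unicode character name is an approximation chosen here, and the function names and finding labels are hypothetical.

```python
import unicodedata


def script_of(ch: str) -> str:
    """Approximate a character's script by the first word of its Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def to_unicode_label(label: str) -> str:
    """Decode an ACE ("xn--") label so the audit sees the real characters."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def label_scripts(label: str) -> set:
    """Scripts of the letters in one label; digits and hyphens are ignored."""
    return {script_of(ch) for ch in label if ch.isalpha()}


def audit_domain(domain: str, user_scripts=frozenset({"LATIN"})) -> list:
    """Return (label, finding, scripts) tuples for labels that deserve a warning."""
    findings = []
    for raw in domain.split("."):
        try:
            label = to_unicode_label(raw)
        except UnicodeError:
            findings.append((raw, "invalid-punycode", []))
            continue
        scripts = label_scripts(label)
        outside = sorted(scripts - user_scripts)
        if outside:
            # Glyphs from a script the user does not normally read.
            findings.append((label, "outside-user-scripts", outside))
        if len(scripts) > 1:
            # One label mixing scripts, e.g. Latin letters plus one Cyrillic.
            findings.append((label, "mixed-script", sorted(scripts)))
    return findings


def nfkc_folds(a: str, b: str) -> bool:
    """True if NFKC normalization maps both strings to the same code points."""
    return unicodedata.normalize("NFKC", a) == unicodedata.normalize("NFKC", b)


if __name__ == "__main__":
    # Constructed samples: plain Latin, Cyrillic U+0430 in place of "a",
    # and the Cherokee look-alike from the post.
    for name in ("jabber.org", "j\u0430bber.org", "ᎫᎪᏴᏴᎬᏒ.org"):
        print(name, audit_domain(name))
    print("NFKC folds Cyrillic a into Latin a:", nfkc_folds("\u0430", "a"))
```
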

Posted on 2005-02-07 at 13:21. File under technology.


2005-02-01

A Letter from the Future

Ayn Rand in historical perspective.

Tomorrow is the one hundredth anniversary of the birth of Russian-American novelist-philosopher Ayn Rand. In celebration I've posted an essay entitled Ayn Rand in Historical Perspective. Enjoy!

Posted on 2005-02-01 at 19:05. File under philosophy.



Peter Saint-Andre
