[OTR-users] Pretty-please standardize OTR signature storage, per OS.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Sep 10 17:59:43 EDT 2013


On 09/10/2013 05:41 PM, subharo at hushmail.com wrote:

> After thinking through your idea, I think I've found a potential 
> problem that should be pondered.  In Windows, your loopback daemon 
> would work fine, because Windows is not truly Multi-User (in the 
> sense that *you can't have multiple human users logged in at the 
> same time,* with separate, independent "Sessions").  

This is not true.  Even non-server versions of Windows allow you to
"switch user" such that one user's processes and tasks are running in
the background already.

> Unix user Alice running your loopback daemon could have her keys 
> read, modified, or deleted by Unix User Bob, who has SSH'ed/X2go'd 
> into that same machine.  An example scenario: University students 
> playing pranks on each other in Unix computer labs with NIS+/NFS 
> network accounts giving them access on all the other UNIX machines.

the monkeysphere validation agent addresses this concern by scanning
/proc/net/tcp as a connection is made to ensure that the connection is
being made by a process with the expected uid.  I don't know if there's
an analogous mechanism on windows.

> I think your idea needs a security mechanism, like say, a master 
> password, before the OTR signatures can be accessed.

If you really can't authenticate the connecting peer some other way,
there are many non-password mechanisms (e.g. key-based authentication
based on auto-generated and rotated keys stored in the filesystem that
are only readable by the user who runs the service) that make more sense
than exposing the user to yet another password regime.

passwords are terrible.

	--dkg
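As an added example (not monkeysphere's code, and not part of the original thread), here is the /proc/net/tcp lookup described above, in Python: when a loopback daemon accepts a connection, the client's socket shows up in /proc/net/tcp as the entry whose local address is the peer address we see from accept() and whose remote address is our own listening address, and the uid column says which user owns it. The parser assumes a little-endian Linux host (the kernel prints the IPv4 address as a native-endian 32-bit integer); the /proc/net/tcp table below is constructed, not captured from a real machine.

```python
"""Authenticate a loopback TCP peer by its uid in /proc/net/tcp (added example).

/proc/net/tcp lists every IPv4 socket in the network namespace with the uid
that owns it.  Matching the accepted connection's peer address against the
client's own socket entry tells us which local user connected.
"""
import os
import socket
import struct

PROC_NET_TCP = "/proc/net/tcp"
TCP_ESTABLISHED = 0x01


def parse_addr(field):
    """Turn a /proc/net/tcp address field ("0100007F:1F90") into ("127.0.0.1", 8080).

    Address is native-endian hex (little-endian host assumed), port is big-endian hex.
    """
    host_hex, port_hex = field.split(":")
    host = socket.inet_ntoa(struct.pack("<I", int(host_hex, 16)))
    return host, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the text of /proc/net/tcp into a list of socket records."""
    records = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        records.append({
            "local": parse_addr(fields[1]),
            "remote": parse_addr(fields[2]),
            "state": int(fields[3], 16),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return records


def peer_uid(text, peer_addr, our_addr):
    """uid owning the client socket connected from peer_addr to our_addr, or None.

    The client's entry has local == peer_addr and remote == our_addr; the
    server's own accepted socket has the two swapped, so it does not match.
    """
    for rec in parse_proc_net_tcp(text):
        if (rec["state"] == TCP_ESTABLISHED
                and rec["local"] == peer_addr
                and rec["remote"] == our_addr):
            return rec["uid"]
    return None


def peer_is_expected_uid(text, peer_addr, our_addr, expected_uid):
    """True only if the peer socket is present and owned by expected_uid."""
    return peer_uid(text, peer_addr, our_addr) == expected_uid


def check_accepted_connection(conn, expected_uid=None):
    """Live check for a socket returned by accept(); reads the real /proc/net/tcp (Linux only)."""
    if expected_uid is None:
        expected_uid = os.getuid()
    peer_addr = conn.getpeername()[:2]
    our_addr = conn.getsockname()[:2]
    with open(PROC_NET_TCP) as fh:
        return peer_is_expected_uid(fh.read(), peer_addr, our_addr, expected_uid)


# Constructed sample (not from a real host): a daemon owned by uid 1000 listening on
# 127.0.0.1:8080, with two clients connected: uid 1000 from port 50000 (0xC350)
# and uid 1001 from port 41394 (0xA1B2).  Lines 1/3 are the server's accepted
# sockets, lines 2/4 the clients' own sockets.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 30001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 30002 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 30003 1 0000000000000000 20 4 30 10 -1
   3: 0100007F:1F90 0100007F:A1B2 01 00000000:00000000 00:00000000 00000000  1000        0 30004 1 0000000000000000 20 4 30 10 -1
   4: 0100007F:A1B2 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 30005 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    daemon = ("127.0.0.1", 8080)
    for port in (50000, 41394):
        ok = peer_is_expected_uid(SAMPLE_PROC_NET_TCP, ("127.0.0.1", port), daemon, 1000)
        print(f"client on port {port}: allowed={ok}")
```

Two caveats a practitioner would want. The lookup has to happen right after accept(), while the client socket is still in the table, and a peer that connects over ::1 lands in /proc/net/tcp6 rather than /proc/net/tcp, so a daemon that also listens on IPv6 needs the same parse over that file (with a 128-bit address field). A peer whose socket is not found at all is treated as not authenticated, which is the safe default.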
