Add property for CertWatch result and check it by XMPP bot
CertWatch is a service that monitors XMPP servers and detects MITM attacks. For that, an XMPP server sets a DNS TLSA record which includes the public key that is used to generate its TLS certificate. CertWatch informs via PubSub or an XMPP message if a different key is used.
The new basic property `ratingCertWatch` should be added with the following values:
- `false`: CertWatch does not monitor the provider, or the TLS certificate uses a different public key than the one announced via DNS (i.e., a MITM attack could be possible)
- `true`: CertWatch monitors the provider and the TLS certificate it receives uses the public key announced via DNS
The XMPP bot should check whether a PubSub node for a given provider (e.g., the node `example.org`) exists on the PubSub service `certwatch.xmpp.net`. If not, it should set the property's value to `false`. Otherwise, it should check whether a potential MITM attack has been detected by CertWatch and set `false` if that is the case or `true` if everything is OK.
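A sketch of the bot's decision logic described above, added here as an example and not taken from the project's or CertWatch's code. It assumes the bot lists nodes with a standard disco#items query to the PubSub service; the sample stanza is constructed, and because the format in which CertWatch reports a detection is not given here, the detection state is passed in as a hypothetical `mitm_detected` argument.

```python
import xml.etree.ElementTree as ET

DISCO_ITEMS = "{http://jabber.org/protocol/disco#items}"
PUBSUB_SERVICE = "certwatch.xmpp.net"  # PubSub service named in the issue

# Constructed sample: IQ result for a disco#items query sent to the service.
SAMPLE_RESULT = """
<iq xmlns='jabber:client' type='result' from='certwatch.xmpp.net' id='nodes1'>
  <query xmlns='http://jabber.org/protocol/disco#items'>
    <item jid='certwatch.xmpp.net' node='example.org'/>
    <item jid='certwatch.xmpp.net' node='example.com'/>
  </query>
</iq>
"""


def monitored_nodes(iq_xml):
    """Return the node names listed in a disco#items IQ result.

    Assumption: an error stanza or a reply from another JID yields an
    empty set, so the rating fails closed instead of trusting it.
    """
    iq = ET.fromstring(iq_xml.strip())
    if iq.get("type") != "result" or iq.get("from") != PUBSUB_SERVICE:
        return set()
    items = iq.iterfind(f"{DISCO_ITEMS}query/{DISCO_ITEMS}item")
    # Domain names are case-insensitive, so compare in lower case.
    return {i.get("node").lower() for i in items if i.get("node")}


def rating_certwatch(provider, iq_xml, mitm_detected):
    """Compute ratingCertWatch for one provider domain.

    mitm_detected (hypothetical input): True if CertWatch reported a key
    mismatch, False if it reported none, None if the state is unknown.
    """
    if provider.lower() not in monitored_nodes(iq_xml):
        return False  # no PubSub node: provider is not monitored
    # Only an explicit "no mismatch" earns true; unknown state is
    # treated like a detection (assumption: fail closed).
    return mitm_detected is False
```

A long node list may arrive in pages, in which case the bot would need to collect all pages before concluding that a node is absent.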