[JDEV] Jabber and WDDX
Scott Robinson
quad at jabber.org
Tue Sep 28 21:58:44 CDT 1999
Interleaved response.
Scott.
* John Price translated into ASCII [Tue, Sep 28, 1999 at 12:47:54PM -0500][<Pine.LNX.4.10.9909281232460.23878-100000 at droopy.gcfl.net>]
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
[snap]
> Are you planning on encrypting the password on login?
>
Oy! I'm sure there is a FAQ somewhere, but when it comes to encryption and
security it always seems that I am the one answering the questions. (which
comes to another point on why I haven't released by LyX document with a
proposal for Jabber security. Eliot, wanna help me out with
docs.jabber.org?)
Encryption of the password at login will not be done using the text-based
protocol. In all secure reality, it can't be done straight with our current
implementation. HOWEVER, it will be wrapped into identity resolution and
authentication in the secureproxy architecture.
> What about encrypted messages? Will that be possible?
>
Encrypting individual messages is performed using Jabber-MIME extensions and
OpenPGP-MIME encoding. The following two links should be very handy for
coders.
Jabber-MIME extensions: http://core.jabber.org/MIME.html
OpenPGP MIME encoding: http://www.ietf.org/rfc/rfc2015.txt
[snap]
>
> Thanx,
> John
Sure!
The upcoming secureproxy architecture for Jabber handles stream level
encryption, secure authentication and identity, and most public-key
distribution issues.
By the way, and for everyone once again, security/encryption/authentication
questions/comments/suggestions should all be posted to security at jabber.org.
[snip]
More information about the JDev
mailing list