[JDEV] Security/Encryption Issues

Max Horn max at quendi.de
Wed Aug 16 11:08:43 CDT 2000


I was on vacation, that's why I'm responding late to this posting...


At 0:41 Uhr +1000 09.08.2000, Michael Brown wrote:
<snip>
>In order to make it easier to implement encryption, we really need a) a
>standard, and b) to come up with a standard (L)GPL library for each major
>platform - similar to how JabberCOM is used in most of the Win32 Jabber
>clients.

That's a good idea. Problem for me is that GPG is not available on 
the mac. I thought (and still think) about porting it myself. But to 
have it spread, users will want to have a nice GUI, and that's much 
work.

Anyway, for now I think I will just use PGP, as it's free, too, 
available in source, easy-to-use (it has a nice GUI <g>) etc.


>Each client should display some form of indication as to whether or not the
>message that they are reading/writing is signed/encrypted/secure.  (ie in
>the form of a locked/unlocked icon etc.)

Yes, that's a good idea, I'll do that as soon as I have it working :)


>Every Jabber <=> Jabber message should be encrypted and signed - for any
>message to an external IM system it should be made obvious that it is NOT
>secure and could have been spoofed.

This would be the theoretical optimum, but is not realistic. First
off, the PGP/GPG system is not perfect - it relies on a web-of-trust,
and that simply has far too many holes currently. Situation is
improving, though.

Also, what's with the people in countries that disallow strong
encryption? Like France, IIRC? We can't exclude them, IMHO.


>IMO, the Jabber Roster Items _must_ be changed ASAP to include an encryption
>public key property.

This sounds good at first thought, but it's not as good. The
roster is stored on the server. Nothing prevents the server admin 
from putting a faked key in there, and doing a man-in-the-middle 
attack.

So this would be utterly useless. To put it in Phil Zimmermann's
words: "Beware of Snake Oil!". Worse than unencrypted/unsecure 
messages are messages that *seem* to be secure, but aren't!



Bye,

Max
-- 
-----------------------------------------------------------
Max "The Black Fingolfin" Horn
<mailto:max at quendi.de>
<http://www.quendi.de> - please use my guestbook!
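
The roster-key concern raised in the message above, as an added example that is not part of the original post: a client treats a key delivered by the server-side roster as a claim only, and shows the "secure" indicator only when it matches a fingerprint the user confirmed out-of-band. The names (`PinStore`, `may_show_lock`), the JID and the key bytes are constructed, and a SHA-256 digest of the raw key bytes stands in for a real OpenPGP fingerprint.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 of the raw key bytes (assumed stand-in for a PGP fingerprint)."""
    return hashlib.sha256(public_key).hexdigest()


class PinStore:
    """Fingerprints the user confirmed out-of-band (in person, by phone, ...)."""

    def __init__(self):
        self._pins = {}  # contact JID -> pinned fingerprint

    def pin(self, jid: str, fp: str) -> None:
        self._pins[jid] = fp.lower().replace(" ", "")

    def check(self, jid: str, roster_key: bytes) -> str:
        """Classify a key that arrived via the server-stored roster.

        'unverified': no pin yet, the key is only the server's claim
        'verified'  : matches the pin, the lock icon is justified
        'mismatch'  : differs from the pin, possible key substitution
        """
        pinned = self._pins.get(jid)
        if pinned is None:
            return "unverified"
        if hmac.compare_digest(pinned, fingerprint(roster_key)):
            return "verified"
        return "mismatch"


def may_show_lock(status: str) -> bool:
    # Only an out-of-band verified key may be presented to the user as secure.
    return status == "verified"


# Constructed sample data: the contact's real key and a key swapped in server-side.
CONTACT_KEY = b"constructed-sample-public-key-contact"
SUBSTITUTED_KEY = b"constructed-sample-public-key-from-server"


def demo():
    jid = "contact@example.org"
    store = PinStore()
    before_pin = store.check(jid, CONTACT_KEY)
    store.pin(jid, fingerprint(CONTACT_KEY))  # user compared fingerprints offline
    return [before_pin, store.check(jid, CONTACT_KEY), store.check(jid, SUBSTITUTED_KEY)]
```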



