[JDEV] Encryption

Paul Goh paulgoh at alibaba-inc.com
Wed Aug 16 14:06:28 CDT 2000


I need to implement a simple encryption scheme on Jabber to ensure a secure
communication channel, and I thought up a very simple scheme. I will try my
best to explain it; please comment on the loopholes or disadvantages.

Scenario:
1. Client requests to connect to server.

2. Jabber server generates a key pair (Ksp - server public key and Ksr -
server private key) and sends the public key Ksp to client.

3. Client generates a key pair (Kcp - client public key and Kcr - client
private key), encrypts the message (which contains the client's public key
Kcp) with the server's public key Ksp (EKsp(Msg)), and sends the ciphertext
back to the server. By this step, a secure channel is established, with the
client and server holding each other's public key.

4. Since different key pairs are generated by the client and the server for
each single session, security level is pretty high.

5. The client can then be authenticated with user name and password, which
is sent through secure key encrypted channels.

Please comment.

Paul
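
Added example, not part of the original post: steps 2 and 3 of the scheme in Python, using textbook RSA over fixed primes purely for illustration (all function names and keys are constructed, and this toy RSA is not secure). It goes one step beyond the post by adding an optional pinned-fingerprint check, because the exchange as described gives the client nothing to compare the received Ksp against.

```python
import hashlib

E = 65537  # public exponent shared by all toy key pairs (assumption)

def make_keypair(p, q):
    """Textbook RSA from two fixed primes (illustration only, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public key, private key)

def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message does not fit under the modulus")
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def fingerprint(pub):
    """SHA-256 over the public key, for comparison against a known value."""
    return hashlib.sha256(f"{pub[0]:x}:{pub[1]:x}".encode()).hexdigest()

def client_step3(received_ksp, kcp, pinned_fp=None):
    """Step 3: return EKsp(Msg), where Msg carries the client's modulus.

    pinned_fp is the added check (not in the post): a fingerprint of the
    server key that the client obtained out of band before connecting.
    """
    if pinned_fp is not None and fingerprint(received_ksp) != pinned_fp:
        raise ValueError("received Ksp does not match the pinned fingerprint")
    return encrypt(received_ksp, kcp[0])

def server_recover_kcp(ksr, ciphertext):
    """Server side of step 3: decrypt with Ksr to learn Kcp."""
    return (decrypt(ksr, ciphertext), E)

# Constructed keys built from Mersenne primes so the example runs offline.
KSP, KSR = make_keypair(2**89 - 1, 2**127 - 1)            # server pair
KCP, KCR = make_keypair(2**61 - 1, 2**107 - 1)            # client pair
OTHER_PUB, OTHER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)  # not the server

if __name__ == "__main__":
    print("server learned Kcp:", server_recover_kcp(KSR, client_step3(KSP, KCP)) == KCP)
    # Without a pin, step 3 encrypts to whichever key arrived in step 2.
    print("unpinned, other key accepted:", decrypt(OTHER_PRIV, client_step3(OTHER_PUB, KCP)) == KCP[0])
```

Passing `pinned_fp=fingerprint(KSP)` makes `client_step3` raise `ValueError` for `OTHER_PUB`, which is the behaviour a client needs before sending a password in step 5.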




