[JDEV] Continued Improvement of Security Concerns

[Oliver George]

Thomas Muldowney wrote:

> As some of you may know I'm a huge fan of strong security options in any 
> software that I use.  Jabber is definately software I use ;-] and it needs 
> more improvements in it's security foundings it already has.  Over the next few
> weeks I'm going to be taking a long hard look at many of the security options
> that we have available to us.  I would like to ask for any comments, suggestions
> or ideas that anyone has, so I can include these in my initial write up of where
> we stand.  After this writeup (I'll probably try and do this by the end of the
> week), I plan to start implementing as many of the features as I possibly can.
> I'm completely serious on this issue, and I'm willing to entertain most any
> idea, even the most widely debated end to end encryption (it's hard, but I have
> some ideas for it).  So I'm throwing myself into the deep end, and hoping I 
> don't drown =)
> 
> --temas
> 

I'd like to encourage is consideration for light weight clients.  Things 
like flash which can make secure http connections (although the 
XMLSocket object can't be a secure link I don't think).  Another example 
might be javascript clients, both don't have existing libraries for 
strong security/encryption.

If i could retrieve a random string by a secure url request and then use 
that to mask my password then i'd be 1000 times happier than i am right 
now.  (Yeah, i could write it myself)  But the use of standard browser 
infrastructure would solve many security problems i think.

I'm confident that my comments are accurate but i'm not sure.

Regards, Oliver.