[JDEV] Message security [was File Transfer]
Jens Alfke
jens at mac.com
Mon Apr 9 12:57:51 CDT 2001
On Sunday, April 8, 2001, at 10:26 AM, Robert Temple wrote:
> Its certainly bad that its easy to snoop on someones conversation, but
> there are many users who can live with this, and there is some effort
> underway to secure conversations using SSL, etc.
SSL is already supported in the protocol, and I thought that the server
already implemented it?
But SSL does nothing to protect you from a rogue or compromised server.
You also have no guarantee that any server<->server links used to
deliver your message use SSL.
As far as I can tell, encrypting the message is the only way to
guarantee end-to-end security. The protocol supports this but
unfortunately the documentation is awfully vague. It doesn't say how the
message specifies what it was encrypted with (is it just hardcoded to
use PGP and only PGP???) or how the sender obtains the receiver's public
key (from a vCard perhaps?)
—Jens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1125 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20010409/412f2932/attachment-0002.bin>
More information about the JDev
mailing list