[JDEV] Message security [was File Transfer]
Mathew Johnston
johnston at megaepic.com
Tue Apr 10 11:36:11 CDT 2001
Check out www.megaepic.com/~johnston/newencryption.txt - its a proposal
that we're working on to get some better encryption support into jabber.
Mathew Johnston
On Mon, 9 Apr 2001, Jens Alfke wrote:
>
> On Sunday, April 8, 2001, at 10:26 AM, Robert Temple wrote:
>
> > Its certainly bad that its easy to snoop on someones conversation, but
> > there are many users who can live with this, and there is some effort
> > underway to secure conversations using SSL, etc.
>
> SSL is already supported in the protocol, and I thought that the server
> already implemented it?
>
> But SSL does nothing to protect you from a rogue or compromised server.
> You also have no guarantee that any server<->server links used to
> deliver your message use SSL.
>
> As far as I can tell, encrypting the message is the only way to
> guarantee end-to-end security. The protocol supports this but
> unfortunately the documentation is awfully vague. It doesn't say how the
> message specifies what it was encrypted with (is it just hardcoded to
> use PGP and only PGP???) or how the sender obtains the receiver's public
> key (from a vCard perhaps?)
>
> —Jens
>
More information about the JDev
mailing list