[JDEV] Signed Presence

temas temas at box5.net
Thu Aug 16 13:32:43 CDT 2001


David Bovill wrote:

>From the Draft Protocol...
>
>-----------------------
>Introduction
>
>These namespaces are used to sign and encrypt messages and presence for
>end-to-end security. They are most secure when performed at the client
>level, but could optionally be supported and used by a trusted server. The
>crypto information is contained in the jabber:x:signed or jabber:x:encrypted
>namespaces. The contents are the armor'd output from GPG or PGP, and have
>all of the header and wrapper text removed (it serves no purpose within this
>context). Any future additional encryption schemes other than PGP/GPG should
>utilize their own namespace(s) to exchange data.
>
>Someone please add implementation notes (gui hints, chat-level options and
>suggested guidelines, etc).
>------------------------------------------------------------------------
>
>Signed Presence
>
>The status element of presence is the CDATA that is signed:
>
><presence from='pgmillard at jabber.org/wj_dev2' to='jer at jabber.org'>
>  <show>online</show>
>  <status>Online</status>
>  <x xmlns='jabber:x:signed'>
>      iQA/AwUBOjU5dnol3d88qZ77EQI2JACfRngLJ045brNnaCX78ykKNUZaTIoAoPHI
>      2uJxPMGR73EBIvEpcv0LRSy+
>      =45f8
>  </x>
></presence>
>--------------------
>
>A couple of questions:
>
>    1) In the above example is the signature generated from the text of the
>entire message (less the <x xmlns='jabber:x:signed'>.....</x> bit)?
>
>    2) If I use my own encryption scheme do I use a namespace like:
>        "<x xmlns='anything:I:like'>"
>
>    3) If I can't easily build in PGP/GPG into my client can I use a server
>to verify the signature via messaging? In other words can someone intercept
>the message and pretend to be the server? Any links on these issues would be
>great...
>
>I'd like to include a standard way of specifying the encryption scheme,
>perhaps with some secure way of obtaining the new scheme if the client does
>not yet support it - sort of encryption scheme upgrade path?
>
Are you using a standard PKI type scheme or just a simple streaming cipher?

--temas
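
The quoted draft says the status CDATA is what gets signed and that the armor header and wrapper text are stripped. The Python below is an added example, not code from the thread or the draft: it splits the draft's sample stanza into the signed text and the stripped signature, restores the armor so a standard OpenPGP tool can read it, and decodes the signature packet's fixed fields. It assumes the stanza carries no default namespace (as in the sample) and handles only one old-format version 3 signature packet, which is what the sample contains; the function names are hypothetical.

```python
import base64
import struct
import xml.etree.ElementTree as ET

# Sample stanza from the quoted draft, addresses as the list archive shows them.
STANZA = """<presence from='pgmillard at jabber.org/wj_dev2' to='jer at jabber.org'>
  <show>online</show>
  <status>Online</status>
  <x xmlns='jabber:x:signed'>
      iQA/AwUBOjU5dnol3d88qZ77EQI2JACfRngLJ045brNnaCX78ykKNUZaTIoAoPHI
      2uJxPMGR73EBIvEpcv0LRSy+
      =45f8
  </x>
</presence>"""

def split_signed_presence(stanza):
    """Return (signed_text, base64_lines, crc_line) for a signed presence."""
    root = ET.fromstring(stanza)
    # Assumption: no default namespace on <presence>, as in the sample.
    status = root.findtext("status") or ""
    payload = root.findtext("{jabber:x:signed}x")
    if payload is None:
        raise ValueError("no jabber:x:signed element")
    lines = [ln.strip() for ln in payload.splitlines() if ln.strip()]
    has_crc = bool(lines) and lines[-1].startswith("=") and len(lines[-1]) == 5
    return status, lines[:-1] if has_crc else lines, lines[-1] if has_crc else None

def rearmor(lines, crc):
    """Put back the header and wrapper text that the draft says is removed."""
    body = list(lines) + ([crc] if crc else [])
    return "\n".join(["-----BEGIN PGP SIGNATURE-----", "", *body,
                      "-----END PGP SIGNATURE-----", ""])

def signature_header(lines):
    """Decode the fixed fields of one old-format, version 3 signature packet."""
    raw = base64.b64decode("".join(lines), validate=True)
    tag, length, version, hashed_len, sig_type = struct.unpack(">BHBBB", raw[:6])
    if tag != 0x89 or version != 3 or hashed_len != 5 or length != len(raw) - 3:
        raise ValueError("not a single old-format v3 signature packet")
    created, key_id, pk_algo, hash_algo = struct.unpack(">I8sBB", raw[6:20])
    return {"sig_type": sig_type, "created": created, "pk_algo": pk_algo,
            "hash_algo": hash_algo, "key_id": key_id.hex().upper()}

if __name__ == "__main__":
    text, lines, crc = split_signed_presence(STANZA)
    print(repr(text), signature_header(lines))
    print(rearmor(lines, crc))
```

The sample decodes as signature type 0x01 (canonical text document), DSA with SHA-1. Because the signature covers only the status text, a receiver still has to check that the verifying key is the one it expects for the `from` address.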





