[JDEV] More SSL talk...
johnston at megaepic.com
johnston at megaepic.com
Sun Aug 26 00:45:57 CDT 2001
You might be interested in joining the security-jig mailing list. We're working on developing good encryption support for jabber. Right now there's limited PGP support, and SSL; SSL only works between client and server, and server and server, so it's not really helpful if you don't trust the jabber servers. (users should not need to trust the servers). You can join through http://mailman.jabber.org/listinfo/security-jig
Mat.
On Sat, Aug 25, 2001 at 08:45:25PM -0400, Joshua Kramer wrote:
>
> Hello all...
>
> I've been reading the list archives on using SSL for authentication and
> encryption, and I wanted to throw in my two bits:
>
> I would like to modify a Jabber client so that its client certificate
> resides on a smart card. Using this method, the client would not be able
> to authenticate unless the card was in place. I'm currently looking at
> OpenCard and JavaCard for the Java client, and a version of PC/SC to use
> with the Linux clients (since I'm primarily a Linux developer).
>
> Perhaps we could modify a client to have an option (on a per-conversation
> or per-user basis) to require an SSL encrypted and/or authenticated
> session between any intermediate servers. If I'm talking with my buddy
> Joe about the ballgame tonight, I might not care; but if I'm talking to a
> client, I would care.
>
> Perhaps we could modify the protocol to use regular 509 e-mail
> signatures... that is, I could e-mail Joe my public key, the same one I
> got from Thawte for Netscape e-mail; my client would send a digital
> signature (generated by my smartcard), and Joe could verify it was "really
> me". This could also be used as a server-authentication process. Again,
> we could set an option requiring (or not) strict authentication.
>
> Another nifty benefit to this is ubiquity; I could be Jabbering away from
> my PDA, laptop, or work PC; if my key was in place, the people on the
> other end would know it's me.
>
> How much time would something like this take to implement? I wanted to
> concentrate primarily on the smartcard interface to the clients...
>
> ----
> This message sent by Josh from Capital University!
> The shortest distance between two points is a hilly, curvy road...
> ----
>
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
More information about the JDev
mailing list