[JDEV] Secure instant messaging.
Peter Millard
me at pgmillard.com
Fri Feb 2 15:00:49 CST 2001
James -
Have you checked out:
http://docs.jabber.org/draft-proto/html/pki.html
It details a "draft" spec that allows clients to use existing PGP/GPG
architechture and plugins to achieve msg crypto.
Instead of saving the keys on a central key server, wouldn't it be better to
allow clients to request the keys directly from each other if they don't
already have them?? This stuff has already been implemented into Gabber and
Winjab and seems to be wroking pretty good.
By signing the presence, you can extract the KeyID from the signature, and
check to see if that public key already exists in the client's existing
key-ring. If it doesn't (and I know this opens up some worms) but the
clients could possibly just swap keys with each other using iq/get/results.
Then you'd just using existing PGP/GPG technology.
Peter.
More information about the JDev
mailing list