[JDEV] servers specifying from fields

[Matthias Wimmer]

Hi Mathew!

Mathew A Johnston schrieb am 2001-03-01 19:56:22:
> Why not just use standard message signing? That would ensure the identity
> of the sender to the receiver, and require no server side support. Is this
> not better?

With signed messages you need a trust center (two expensive) or a "web of
trust" (doesn't work for all your contacts.
So personally I do prefere the server checking/setting the from attribute.
Dialback is less secure but works better in real environment with average
users.

> Do you think that encapsulating encrypted jabber messages in
> other jabber messages is a valid idea? I think that this is required if
> extentions are to be able to communicate securely. Read my proposal? :)

I havn't read it ... but I think extensions have to be made in a way that they
are compatible with the old protocol and old clients.
Use SSL to communicate encrypted with your server ... and use jabber:x:encrypted
for end-to-end encryption ...
The from and to addresses are encrypted that way at the client-server-connection
and for the server they have to be visible in any case to allow routing and
bouncing of the messages.


Tot kijk
   Matthias
-- 
Fon: +49-(0)70 0770 07770               http://matthias-wimmer.de/
Fax: +49-(0)89 312 88 654               jabber://mawis@charente.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <https://www.jabber.org/jdev/attachments/20010302/49ac0cfa/attachment-0002.pgp>