[JDEV] Signed & encrypted messages
Mathew Johnston
johnston at megaepic.com
Sun May 27 12:58:56 CDT 2001
Do you mean that the sender of the key would sign the key? Or do you
mean that a third party would sign the key?
So far, I think that the list of key exchange methods are manual,
x509 via vcard or some other server side thing, or query response
for keys - the sender would not be able to sign the key since the
key is what they would use for signing (it would be sort of useless). :)
If we want third party signed keys, X509 certificates would already fulfil
that need.
Mathew Johnston
On Sun, May 27, 2001 at 10:15:33AM +0100, Al Sutton wrote:
> I've read the draft and I'd like to suggest that a signature field is added
> to the response to a key query performed via jabber:iq:keyExchange that
> represents the digital signature of the key returned. If jabber clients
> carry a list of public keys from trusted key holders (or a list is easily
> accessible to them), they could then indicate the level of trust placed on
> that key, as well as verifying that no modifications were made in transit.
>
> Does this sound useful?
More information about the JDev
mailing list