[JDEV] Signed & encrypted messages
Julian Missig
julian at jabber.org
Sun May 27 13:30:11 CDT 2001
Right now we get the key based on the presence signature we first
receive from a user... so it's based on the assumption that you either
already have the key or that the presence you first receive was signed
with the proper key. I don't think any clients do it via vCard because
that could make the vCard pretty big or something like that.
Julian
On 27 May 2001 13:58:56 -0400, Mathew Johnston wrote:
> Do you mean that the sender of the key would sign the key? Or do you
> mean that a third party would sign the key?
>
> So far, I think that the list of key exchange methods are manual,
> x509 via vcard or some other server side thing, or query response
> for keys - the sender would not be able to sign the key since the
> key is what they would use for signing (it would be sort of useless). :)
> If we want third party signed keys, X509 certificates would already fulfil
> that need.
>
> Mathew Johnston
>
> On Sun, May 27, 2001 at 10:15:33AM +0100, Al Sutton wrote:
> > I've read the draft and I'd like to suggest that a signature field is added
> > to the response to a key query performed via jabber:iq:keyExchange that
> > represents the digital signature of the key returned. If jabber clients
> > carry a list of public keys from trusted key holders (or a list is easily
> > accessible to them), they could then indicate the level of trust placed on
> > that key, as well as verifying that no modifications were made in transit.
> >
> > Does this sound useful?
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
--
email: julian at jabber.org
jabber:julian at jabber.org
More information about the JDev
mailing list