[JDEV] s2s over ssl
Tijl Houtbeckers
thoutbeckers at splendo.com
Mon Dec 16 03:33:19 CST 2002
"Adrian Rapa" <adrian at kilipir.ro> wrote on 16-12-2002 10:15:51:
>
>hi,
>i have another idea.... can there be an optional s2s over ssl?
>i mean like there is c2s clear text and c2s over ssl, there should be
>also s2s over ssl, other way, the c2s over ssl is useless when i want
>to communicate across the servers
>
SSL is not meant for end to end encryption. Even if S2S would be
encrypted with SSL your data could still be compromised, since on the
servers it is decoded into plain text. So using S2S for server
connections would give a false sense of security. Also there is no way
of knowing whether the other person you're talking to is using SSL or
not.

If you still want to "secure" the S2S between 2 specific servers you're
able to do this with a VPN or SSH tunneling.

Current use of GPG/PGP with Jabber *does* do a form of end to end
encryption. This is documented (can't be that hard to find, probably a
JEP), but I think more work is being done right now to bring it in line
with XML standards.
--
Tijl Houtbeckers
Java/J2ME/GPRS Software Engineer @ Splendo
The Netherlands