[jdev] sniffing

[Alex Kogan]

Hi everyone,

 I'm  new  to  this  mailing list. And I have a question to all Jabber
 developers  concerning  security issues. I'm working on a Jabber-like
 protocol  for  one-to-many  chatting, it will be simpler and used for
 local  needs  mostly.  I'm  writing a server in PHP and would like to
 find  the  best  way  to  protect communication in this protocol from
 sniffing.  Is this possible? I was reading through the Jabber RFC and
 seems  that  I  should  look  deeper  into  the  TSL and SASL issues.
 However,  I was not able to get the idea of how these security issues
 work  in  practice.  Can  you  help  me  giving a practical advice on
 implementing  client-server  communication which is somehow encrypted
 and    still    be   possible   to   read   for   server/client   and
 sniffing-protected  at  the  same  time?  I  also  had  a  look  into
 class.jabber.php  and  its  SendAuth() method, but again, I failed to
 get  the  idea  of  md5() encoding. Is the whole conversation encoded
 further?

 Thank  you. Hoping you can help me, at least show the right direction
 for me.

-- 
Best regards,
 Alex                          mailto:alex at widestep.com