[Standards-JIG] Re: The Great Encryption Debate
Ian Paterson
ian.paterson at clientside.co.uk
Mon Aug 8 12:42:24 CDT 2005
> The proposal using Diffie-Hellman does since Diffie-Hellman
> is vulnerable to a man-in-the-middle attack.
As Justin said, the proposal is not vulnerable to a man-in-the-middle
attack because the (initial) Diffie-Hellman keys are signed using
private keys.
> It is not such a problem for SSH, because:
> a) SSH uses a fingerprint that can be verified offline
The "Security Considerations" of JEP-0116 recommend this and several
other methods of verifying public keys - see Section 9.3 (11.3 on v0.4)
"Verifying Keys".
> b) Someone intercepting it would have to have the ability to
> intercept and re-write packets at the transport layer
Sorry, I didn't understand this point. Both SSH and XMPP typically run
on top of a TCP/IP connection.
All protocols, including S/MIME and PGP, have to face the same public
key verification challenges. So this list agreed last week that the
protocol for publishing keys will be split into a separate generally
applicable JEP (as soon as someone has the time to write it).
> For Jabber, it means that you have to place
> total trust in the servers at each end.
IMHO JEP-0116 does not require the clients to trust the servers in any
way. Let me know if I have missed an issue, or if the JEP does not make
something clear.
- Ian
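The point the reply turns on, that a Diffie-Hellman value is only safe from substitution in transit when it is signed with a long-term key the peer has already verified, can be checked in a few dozen lines. The following is an added example written for this page; it is not code from the thread, from JEP-0116 or from its authors. It assumes a toy 64-bit safe-prime group (far too small for real use), a Schnorr signature as a stand-in for whatever signature format the JEP specifies, and constructed identities ("alice", "bob") and message layout. With signature checking on, a substituted DH value is rejected; with it off, the exchange "completes" but the two ends hold different keys.

```python
"""Toy authenticated Diffie-Hellman: ephemeral DH values signed with long-term
keys.  Added example; group size, key format and message layout are all
constructed for illustration and not taken from JEP-0116."""
import hashlib
import random


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin test, adequate for generating a demonstration group."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits, rng):
    """Safe prime p = 2q + 1; g = 4 is a square mod p, so it has prime order q."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, rng) and is_probable_prime(2 * q + 1, rng):
            return 2 * q + 1, q, 4


def schnorr_keygen(group, rng):
    p, q, g = group
    x = rng.randrange(1, q)
    return x, pow(g, x, p)                      # (signing key, verify key)


def _challenge(r, message, q):
    h = hashlib.sha256(str(r).encode() + b"|" + message).digest()
    return int.from_bytes(h, "big") % q


def schnorr_sign(group, x, message, rng):
    p, q, g = group
    k = rng.randrange(1, q)
    e = _challenge(pow(g, k, p), message, q)
    return e, (k - x * e) % q


def schnorr_verify(group, y, message, sig):
    p, q, g = group
    e, s = sig
    if not (0 <= e < q and 0 <= s < q):
        return False
    r = (pow(g, s, p) * pow(y, e, p)) % p       # g^s * y^e == g^k
    return _challenge(r, message, q) == e


def dh_keypair(group, rng):
    p, q, g = group
    a = rng.randrange(1, q)
    return a, pow(g, a, p)


def dh_shared(group, priv, peer_pub):
    """Reject values outside the prime-order subgroup before exponentiating."""
    p, q, g = group
    if not 1 < peer_pub < p - 1 or pow(peer_pub, q, p) != 1:
        raise ValueError("peer value outside the prime-order subgroup")
    return pow(peer_pub, priv, p)


def signed_dh_message(group, sender, recipient, dh_pub, sign_key, rng):
    """The DH value plus a signature binding it to both identities."""
    body = f"{sender}|{recipient}|{dh_pub}".encode()
    return {"from": sender, "to": recipient, "dh_pub": dh_pub,
            "sig": schnorr_sign(group, sign_key, body, rng)}


def accept_dh_message(group, sender_verify_key, msg):
    body = f"{msg['from']}|{msg['to']}|{msg['dh_pub']}".encode()
    return schnorr_verify(group, sender_verify_key, body, msg["sig"])


def run_exchange(substitute=False, check_signatures=True, seed=2005):
    """Returns (status, keys_match) for one constructed session."""
    rng = random.Random(seed)
    group = make_group(64, rng)
    # Long-term keys; the verify keys are assumed to have been checked out of
    # band already, which is what the JEP's "Verifying Keys" section is for.
    alice_sk, alice_vk = schnorr_keygen(group, rng)
    bob_sk, bob_vk = schnorr_keygen(group, rng)
    a, A = dh_keypair(group, rng)               # ephemeral, per session
    b, B = dh_keypair(group, rng)
    msg_a = signed_dh_message(group, "alice", "bob", A, alice_sk, rng)
    msg_b = signed_dh_message(group, "bob", "alice", B, bob_sk, rng)
    if substitute:
        # A party on the path swaps in its own DH value; it holds neither
        # signing key, so the signatures no longer match what is delivered.
        _, relay_pub = dh_keypair(group, rng)
        msg_a = dict(msg_a, dh_pub=relay_pub)
        msg_b = dict(msg_b, dh_pub=relay_pub)
    if check_signatures:
        if not (accept_dh_message(group, alice_vk, msg_a)
                and accept_dh_message(group, bob_vk, msg_b)):
            return "rejected", None
    key_at_bob = dh_shared(group, b, msg_a["dh_pub"])
    key_at_alice = dh_shared(group, a, msg_b["dh_pub"])
    return "accepted", key_at_alice == key_at_bob


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange(substitute=True))
    print(run_exchange(substitute=True, check_signatures=False))
```

The signature covers both identities as well as the DH value, so a signed value from one session cannot be replayed into another; the subgroup check in `dh_shared` is the other standard guard, rejecting small-order values before they reach the exponentiation. Everything still rests on the verify keys having been checked out of band, which is exactly the public-key verification problem the reply says every protocol shares.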