[Council] JEP-0027
David Waite
mass at akuma.org
Wed Apr 10 14:59:57 CDT 2002
(replying to myself)
I am changing my vote to -1, pending the changes I outlined earlier.
-David Waite
David Waite wrote:
> Max Metral wrote:
>
>> Right, but doesn't that essentially limit us to PGP? I understand
>> this is
>> informational, but it would seem to be one of those things that can be
>> explained several ways, and I'd like to see it explained as if it was
>> more
>> flexible than the way it's being used today.
>>
> Actually, the replay issues I mentioned are only really solvable by
> having some sort of key negotiation (which can be encrypted via pgp or
> done via a dh key exchange); you want both parties to take part in
> choosing a unique session key, or each receiving party to choose a key
> to be used for data sent to it. Both the feature negotiation and key
> negotiation will require a different protocol.
>
> Actually, that brings up another interesting point - (since this is
> informational) - is there any accepted client standards for figuring
> out if the trust level of the remote entity is adequate for pgp
> encryption? I suppose that is more of an identity question ; there
> isn't currently a way to guarantee the identify of a user against man
> in the middle or machine takeovers on Jabber, and this standard does
> not provide any means to verify the identity of the other party
> (because of the replay issues.)
>
> -David Waite
>
>
>
> _______________________________________________
> Council mailing list
> Council at jabber.org
> http://mailman.jabber.org/listinfo/council
More information about the Council
mailing list