[JDEV] PGP / Public Key retrieval

Tim McCune timm at channelpoint.com
Mon Oct 9 14:13:39 CDT 2000

Hash: SHA1

We tossed around a couple ideas earlier in Imjay's lifecycle, like
running a separate key server, or maybe talking to an existing key
server.  Since Jabber already had VCard support, and since VCard
already had a slot for this, it seemed like the simplest solution. 
Do you see a problem with the implementation we're using?  Since
Imjay's key exchange is all transparent to the user, and since we're
only using it for encryption (not digital signing), we also tossed
around the idea of generating a new public key every time the user
logs on.  The only issue there is that you would have to associate a
timestamp with the key so that the correct key is used for messages
that were in offline storage.  I think that this timestamp is
actually encoded in the key somewhere, but I'm not sure if JCE
exposes this through its API.  So as it stands, with Imjay, if you do
generate a new public key at some point, messages that were in
offline storage could become undecryptable (is that a word? ;-)

- -----Original Message-----
From: Max Horn [mailto:max at quendi.de]
Sent: Monday, October 09, 2000 11:52 AM
To: jdev at jabber.org; jabbernaut-devel at lists.sourceforge.net
Subject: [JDEV] PGP / Public Key retrieval

OK, I finally begun adding PGP support to Jabbernaut (don't hold your
breath, it'll take some time to finish, as I'm really busy moving & 
beginning to study & having a real life <g>)

Anyway, what I really want to know:

* what clients already implement PGP / the various namespaces for it 
(x:signed and x:encrypted IIRC) ? I know Imjay and KIM so far, are 
there others?

* how am I supposed to get the key of the guy I'm talking to? I know 
Imjay tries to get it from the vCard. And I also thought about using 
the jabber ID like an email (in the MacOS PGP SDK I can get a key 
based on the email).

We really should agree on some sort of (semi-)standard. It doesn't 
have to be a full-fledged standard, but at least some guidlines for 
client authors...


- -- 
- -----------------------------------------------
Max Horn
International C/C++/Internet Development

email: <mailto:max at quendi.de>
   web: <http://www.quendi.de>
phone: (+49) 2621-188947

jdev mailing list
jdev at jabber.org

Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>


More information about the JDev mailing list