[JDEV] Message security [was File Transfer]

Jens Alfke jens at mac.com
Mon Apr 9 12:57:51 CDT 2001


On Sunday, April 8, 2001, at 10:26 AM, Robert Temple wrote:

> Its certainly bad that its easy to snoop on someones conversation, but
> there are many users who can live with this, and there is some effort
> underway to secure conversations using SSL, etc.

SSL is already supported in the protocol, and I thought that the server 
already implemented it?

But SSL does nothing to protect you from a rogue or compromised server. 
You also have no guarantee that any server<->server links used to 
deliver your message use SSL.

As far as I can tell, encrypting the message is the only way to 
guarantee end-to-end security. The protocol supports this but 
unfortunately the documentation is awfully vague. It doesn't say how the 
message specifies what it was encrypted with (is it just hardcoded to 
use PGP and only PGP???) or how the sender obtains the receiver's public 
key (from a vCard perhaps?)

—Jens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1125 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20010409/412f2932/attachment-0002.bin>


More information about the JDev mailing list