[JDEV] Message security [was File Transfer]

Mathew Johnston johnston at megaepic.com
Tue Apr 10 11:36:11 CDT 2001

Check out www.megaepic.com/~johnston/newencryption.txt - its a proposal
that we're working on to get some better encryption support into jabber.

Mathew Johnston

On Mon, 9 Apr 2001, Jens Alfke wrote:

> On Sunday, April 8, 2001, at 10:26 AM, Robert Temple wrote:
> > Its certainly bad that its easy to snoop on someones conversation, but
> > there are many users who can live with this, and there is some effort
> > underway to secure conversations using SSL, etc.
> SSL is already supported in the protocol, and I thought that the server
> already implemented it?
> But SSL does nothing to protect you from a rogue or compromised server.
> You also have no guarantee that any server<->server links used to
> deliver your message use SSL.
> As far as I can tell, encrypting the message is the only way to
> guarantee end-to-end security. The protocol supports this but
> unfortunately the documentation is awfully vague. It doesn't say how the
> message specifies what it was encrypted with (is it just hardcoded to
> use PGP and only PGP???) or how the sender obtains the receiver's public
> key (from a vCard perhaps?)
> —Jens

More information about the JDev mailing list