dwaite at jabber.com
Fri Aug 10 12:07:32 CDT 2001
I've looked at it just barely (looked at the site, read the whitepaper,
I think when people start to think about how to provide encryption on
top of Jabber conference systems, it will be a good source of
information on different ways to do it. On the other hand, I disagree
with the amount of encryption being done by the server, and that by
default channel communications are encrypted with a single channel key
which is owned by the cell servers, meaning that these servers are
trusted. Its my philosophy that the clients within the channel should
know the identity of people they are communicating with; and that the
clients should do the encryption of the room, based on a shared key
generated between the clients. The Security JIG and the (hopefully
soon-to-be-formed) Conferencing JIG would both be good places to discuss
alternatives on this.
Michael Brown wrote:
>Has anyone looked at SILC? Does it relate in any way to the Jabber
>groupchat? Similar at all?
>I notice it claims to be secure - does this hold up, and if so is it
>anything that could be reused to improve security in Jabber?
>jdev mailing list
>jdev at jabber.org
More information about the JDev