[JDEV] Secure instant messaging.
timm at channelpoint.com
Sun Feb 4 15:11:51 CST 2001
-----BEGIN PGP SIGNED MESSAGE-----
The messages aren't currently signed (although they could be without
much additional effort), so there's not really any authentication
going on. However, early on in the development of the encryption
support, I thought about supporting the ability for the client to
generate a new set of keys for every session (basically what it
sounds like you're describing). Of course, there is the performance
hit associated with the key generation, and retrieving other users'
new keys all the time, but the main reason I didn't go this way was
the fact that if someone sends you an encrypted message while you're
offline, using your old "temporary" public key and you no longer have
the matching private key stored anywhere, you can't decrypt the
message. However, I suppose I could add support for this as an
optional feature and just warn the users about this annoyance if they
use it. Maybe someone has a suggestion for a way around it. I
haven't thought of (a practical) one so far.
> -----Original Message-----
> From: Michael F. March [mailto:march at indirect.com]
> Sent: Saturday, February 03, 2001 1:23 PM
> To: jdev at jabber.org
> Subject: Re: [JDEV] Secure instant messaging.
> It would be great if this client could have a
> mode where you can secure end to end communication
> but not necessarily have the communication be
> authenticated. This would be great for an
> applet mode of this client where you would not
> necessarily have a permanent private key.
> ----- Original Message -----
> From: "Tim McCune" <timm at channelpoint.com>
> To: <jdev at jabber.org>
> Sent: Friday, February 02, 2001 1:43 PM
> Subject: RE: [JDEV] Secure instant messaging.
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > Imjay (http://imjay.sourceforge.net) uses asymmetric key
> > encryption in its messages. It uses Diffie-Hellman by default,
> > but the
> > algorithm is pluggable through JCE. It hasn't seen any active
> > development for the past few months, but I'm planning to get
> > moving on it again soon. It stores public keys on the server in
> > the user's vcard profile and the private key in a local
> > configuration file.
> > > -----Original Message-----
> > > From: Ted Rolle [mailto:TRolle at uwgrocers.com]
> > > Sent: Friday, February 02, 2001 1:18 PM
> > > To: 'jdev at jabber.org'
> > > Subject: RE: [JDEV] Secure instant messaging.
> > >
> > >
> > > James: you have voiced a concern of mine, too.
> > >
> > > Would it be practical to pick up public keys from a key
> > > server, plus adding
> > > the ability to use a PGP secret key disk?
> > >
> > > Ted
> > >
> > > _______________________________________________
> > > jdev mailing list
> > > jdev at jabber.org
> > > http://mailman.jabber.org/listinfo/jdev
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGPfreeware 6.5.3 for non-commercial use
> > iQA/AwUBOnsbsNUPOr8a7vy5EQKqmQCggLa5PxUdn+Cgd604cAfj24mKfVwAoKMw
> > pVQSnZJgOrdiaq7jrnYGf8xq
> > =IAH0
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > jdev mailing list
> > jdev at jabber.org
> > http://mailman.jabber.org/listinfo/jdev
> jdev mailing list
> jdev at jabber.org
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----
More information about the JDev