[jdev] Security in jabber
halr9000 at gmail.com
Wed Jun 22 21:24:37 CDT 2005
On 6/20/05, Tomasz Sterna <tomasz.sterna at gmail.com> wrote:
> On 6/20/05, Umesh Bywar <umesh at gs-lab.com> wrote:
> > I am not very familiar with jabber. I have just started reading about it.
> > I have one question about security in Jabber messenger.
> Jabber is a protocol, not a messenger.
Not 100% true. Jabber Inc's client (http://jabber.com) is in fact
called Jabber Messenger. It's possible Umesh was talking about that.
> > Does it provide secure communication across network?
> How do you define "secure"?
> Protocol protects you from sniffing using TLS
> and from spoofing using SASL/dialback.
> Do you require more security?
Yes, we need more information. There are a few different aspects
here. Jabber today has the means to be pretty secure because of the
above protocol options. However, someone sitting *at* either server
can log all the unencrypted packets they want to disk. We don't today
have a good end-to-end (e2e) encryption mechanism that would protect
you at this lowest level.
Psi webmaster (http://psi-im.org)
im:hal at jabber.rocks.cc
More information about the JDev