[jdev] Security in jabber

Hal Rottenberg halr9000 at gmail.com
Wed Jun 22 21:24:37 CDT 2005

On 6/20/05, Tomasz Sterna <tomasz.sterna at gmail.com> wrote:
> On 6/20/05, Umesh Bywar <umesh at gs-lab.com> wrote:
> >     I am not very familiar with jabber. I have just started reading about it.
> > I have one question about security in Jabber messenger.
> Jabber is a protocol, not a messenger.

Not 100% true.  Jabber Inc's client (http://jabber.com) is in fact
called Jabber Messenger.  It's possible Umesh was talking about that.
> >     Does it provide secure communication across network?
> How do you define "secure"?
> Protocol protects you from sniffing using TLS
> and from spoofing using SASL/dialback.
> Do you require more security?

Yes, we need more information.  There are a few different aspects
here.  Jabber today has the means to be pretty secure because of the
above protocol options.  However, someone sitting *at* either server
can log all the unencrypted packets they want to disk.  We don't today
have a good end-to-end (e2e) encryption mechanism that would protect
you at this lowest level.

Psi webmaster (http://psi-im.org)
im:hal at jabber.rocks.cc

More information about the JDev mailing list