[jdev] Possible Off Topic but of XMPP Interest: Wiki Leaks uses XMPP
Matthew A. Miller
linuxwolf at outer-planes.net
Mon Nov 1 12:40:09 CST 2010
On Nov 1, 2010, at 12:34 , Stephen Pendleton wrote:
> -----Original Message-----
> From: jdev-bounces at jabber.org [mailto:jdev-bounces at jabber.org] On Behalf Of Peter Saint-Andre
> Sent: Thursday, October 28, 2010 1:41 PM
> To: Jabber/XMPP software development list
> Subject: Re: [jdev] Possible Off Topic but of XMPP Interest: Wiki Leaks uses XMPP
> On 10/23/10 11:52 AM, Ernest Nova wrote:
>> They were storing the private keys of end users on their XMPP server?
>> That seems like a bad idea. If they were storing the private key of the server itself (i.e., the certificate used for TLS), that's another story...
> A perfect illustration of the importance of the use (and implementation) of OTR-enabled clients in today's world.
At the very least, using actual end-to-end encryption. You can still use certificates, just don't store the user's private key on the server!
More information about the JDev