[jdev] Safety Jabber Client
lbxmpp at live.com
Wed Jan 16 03:36:29 UTC 2013
I think that Peter has contacted you about Jabber trademark.
An XSF member
XMPP Standards Foundation
Le 14/01/2013 17:09, Kevin Smith a écrit :
> On Mon, Jan 14, 2013 at 4:02 PM, Info . <triadacorp1 at googlemail.com> wrote:
>> aboute securely you are exchange only public keys, not private...... u send
>> public keys directly to your opponent by jabber..... (not to any server)
>> in this way MITM attack will have no meaning.
>> without private keys - nothing is impossible to decrypt...
> I assume you mean that the user is not asked to verify the key
> fingerprint out of band (else it wouldn't be automatic). If you're not
> doing this, how can you guarantee that the public key belongs to the
> right person and hasn't been MITMed? Do you mean that the keys are
> sent peer to peer, without sending them through the XMPP stream? If
> so, how are these P2P connections negotiated? If they're negotiated
> over XMPP then the security profile is pretty much the same as if the
> keys themselves were sent over XMPP too, isn't it?
> JDev mailing list
> Info: http://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3736 bytes
Desc: Signature cryptographique S/MIME
More information about the JDev