[jdev] Safety Jabber Client

Ludovic BOCQUET lbxmpp at live.com
Wed Jan 16 03:36:29 UTC 2013


I think that Peter has contacted you about Jabber trademark.

BOCQUET Ludovic
An XSF member
XMPP Standards Foundation
http://xmpp.org/

Le 14/01/2013 17:09, Kevin Smith a écrit :
> On Mon, Jan 14, 2013 at 4:02 PM, Info . <triadacorp1 at googlemail.com> wrote:
>> aboute securely you are exchange only public keys, not private...... u send
>> public keys directly to your opponent by jabber..... (not to any server)
>> in this way MITM attack will have no meaning.
>> without private keys - nothing is impossible to decrypt...
> I assume you mean that the user is not asked to verify the key
> fingerprint out of band (else it wouldn't be automatic). If you're not
> doing this, how can you guarantee that the public key belongs to the
> right person and hasn't been MITMed? Do you mean that the keys are
> sent peer to peer, without sending them through the XMPP stream? If
> so, how are these P2P connections negotiated? If they're negotiated
> over XMPP then the security profile is pretty much the same as if the
> keys themselves were sent over XMPP too, isn't it?
>
> /K
> _______________________________________________
> JDev mailing list
> Info: http://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
> _______________________________________________
>
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3736 bytes
Desc: Signature cryptographique S/MIME
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20130116/94f5d6b9/attachment.bin>


More information about the JDev mailing list