[Juser] jabber encryption extension
Michael Reichenbach
michael_reichenbach at freenet.de
Thu Jan 3 10:57:02 CST 2008
Not many client developers seemed to "like" the official jabber protocol
encryption extension. I think this because they did not implement it.
Most either implemented their own implementation of OpenPGP or the most
used encryption method for jabber clients so far is OTR.
I am not skilled enough in cryptography to look really deep under the
hood of OTR. But its features (encryption, authentication, deniability
and perfect forward secrecy) seem to be better (or better said more
modern). OTR seems to be more practical for instant messengers than PGP.
OTR is also very easy to set up (compared to OpenPGP). For friends in
real life you just meet them and verify their fingerprint, another
method is the shared secret (I prefer the first method).
If you want strangers to contact you with encryption enabled you would
need to post your fingerprint signed with PGP somewhere.
Or the worst method, you just blindly accept the fingerprint of
strangers. That's better than no encryption at all, not 100% secure but you
will know that it's always the same one you are talking to (except when
there is a MITM from the first time which is unlikely and if so you can
still verify the correct fingerprint later if you feel the need to).
Currently OTR is only for instant messages. Not for group chats,
file transfer, audio or video (last two things may be technically
impossible with OTR features).
My point is, developers seem to like OTR more than the official protocol
extension of jabber.
So now my question is, why don't you drop the unused protocol
extension and use OTR instead as the official extension? I am not
affiliated with the OTR team in any way, but I guess they would also
prefer this.