[Foundation] Let's propose JEP-0046 (DTCP)

Casey Crabb crabbkw at nafai.dyndns.org
Wed Dec 4 14:46:41 CST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm not familiar with arp spoofing attacks, where I can find more
information?

If what you say is true, then I agree, no need to make authentication
more complicated if it doesn't add security.

| A jabber user who is concerned about people hijacking his DTCP
connection,
| should probably start securing his setup by using SSL on the jabber
| connection.

Indeed, it should be the first step.

| And DTCP can do TLS, which already includes the facility to do strong
| authentication. What we are missing (IMHO) is some generic way to tie
| keys (TLS certificates as well as GPG keys) to jabber IDs.

Any work in this area should also work towards endpoint to endpoint
message encryption.

- --
Casey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE97mmxUidG/HUEju8RAq8bAKCPhiOmfSam3sXfh6JxKyZo9SWkwwCgi/IH
zabZnK88ddkEo78BJUrhwpE=
=smSZ
-----END PGP SIGNATURE-----




More information about the Members mailing list