[Foundation] Let's propose JEP-0046 (DTCP)
Casey Crabb
crabbkw at nafai.dyndns.org
Wed Dec 4 14:46:41 CST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm not familiar with arp spoofing attacks, where I can find more
information?
If what you say is true, then I agree, no need to make authentication
more complicated if it doesn't add security.
| A jabber user who is concerned about people hijacking his DTCP
connection,
| should probably start securing his setup by using SSL on the jabber
| connection.
Indeed, it should be the first step.
| And DTCP can do TLS, which already includes the facility to do strong
| authentication. What we are missing (IMHO) is some generic way to tie
| keys (TLS certificates as well as GPG keys) to jabber IDs.
Any work in this area should also work towards endpoint to endpoint
message encryption.
- --
Casey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE97mmxUidG/HUEju8RAq8bAKCPhiOmfSam3sXfh6JxKyZo9SWkwwCgi/IH
zabZnK88ddkEo78BJUrhwpE=
=smSZ
-----END PGP SIGNATURE-----
More information about the Members
mailing list