[Foundation] Let's propose JEP-0046 (DTCP)

Jan Niehusmann jan at gondor.com
Wed Dec 4 15:12:27 CST 2002


On Wed, Dec 04, 2002 at 02:46:41PM -0600, Casey Crabb wrote:
> I'm not familiar with arp spoofing attacks, where I can find more
> information?

For example the page http://www.thoughtcrime.org/ie.html explains it
very well. They attack an IE SSL connection (showing that SSL without
proper certificate check is quite useless), but attacking an unencrypted
connection is even more trivial.
(The mentioned web page is just one of many I got from a quick google
search)

> | And DTCP can do TLS, which already includes the facility to do strong
> | authentication. What we are missing (IMHO) is some generic way to tie
> | keys (TLS certificates as well as GPG keys) to jabber IDs.
> 
> Any work in this area should also work towards endpoint to endpoint
> message encryption.

Current GPG encryption (JEP 27) only encrypts messages. To make this
useful for DTCP and other JEPs, we need a proposal how to encrypt and
sign other data types like <iq/>. 

Jan




More information about the Members mailing list