[Security] client-to-client security :: Summary and todo's

Pavel Simerda pavlix at pavlix.net
Sun Aug 24 03:56:20 CDT 2008


On Sun, 24 Aug 2008 08:43:42 +0100
Pedro Melo <melo at simplicidade.org> wrote:

> Hi,
> 
> On Aug 23, 2008, at 3:50 PM, Pavel Simerda wrote:
> 
> > On Sat, 23 Aug 2008 11:21:55 +0200
> > Johansson Olle E <oej at edvina.net> wrote:
> >
> >> Ok, I'll try to summarize a bit. With all these very technical
> >> mails flowing around,
> >> I might have missed something, so please add/correct/flame as
> >> needed
> >>
> >>
> >> - The issue at hand is "how to set up a secure connection between
> >> two XMPP clients".
> >>    Assume that we do have the ability to set up sessions through a
> >> network of XMPP
> >>    servers or by using the same server and need to move from that
> >> channel to a secure
> >>    channel - end to end.
> >
> > Btw, is it really necessary to set up secure connections through
> > servers? If it is a session, why not IP to IP (peer-to-peer)?
> 
> True. The text should be "through an XMPP network". This will include
> P2P XMPP sessions using XEP-0174.

Ok. This is not the wording I care about so much. But the e2e nature of
connections suggests the c2c over c2s-s2c has no real advantages as a
default choice.

> > Or is the centralization plague of the internet around servers
> > so severe that nobody considers direct connections?
> 
> big bad conspiracy theory. The servers are out there.

I don't see any conspiracy.

XMPP with servers is a natural choice as you need to store your data
somewhere and share one account for many places and applications. I
would just stick with c2s only where it's appropriate.

> go easy. it's just that the usual XMPP connections are c2s, so we
> assume the presence of the server most of the time. Nothing against  
> p2p xmpp, really.

If you mean a server-less XMPP on the internet (not link-local), I
believe it would be an interesting experiment. But in practice... a
local Jabber server seems good enough, at least for people with domain
names.

I am more interested in security features and p2p features of
the otherwise server-centric XMPP network.

Cheers,

Pavel

> Best regards,


-- 

Web: http://www.pavlix.net/
Jabber & Mail: pavlix(at)pavlix.net
OpenID: pavlix.net

