[Security] End-to-end encryption with JavaScript client

Bartosz Malkowski bmalkow at wp.pl
Sun Aug 31 00:29:55 CDT 2008


Dirk Meyer pisze:
> IF you have the script on your PC and not from a server. It makes no
> sense to talk about e2e security when you receive your XMPP client
> from a server just before you use it. Even better: most Javascript
> files are send over HTTP, not HTTPS.

I trust MY server. I trust files I received from My server.
Communication Me<->MyServer<->He is secured in my opinion. But
Me<->MyServer<->HisServer<->He isn't (I don't trust administrator of
HisServer).

But maybe You're right -- it makes no sense...

-- 
Bartosz Małkowski
JID: bmalkow at malkowscy.net


More information about the Security mailing list