[Security] End-to-end encryption with JavaScript client
Bartosz Malkowski
bmalkow at wp.pl
Sun Aug 31 00:29:55 CDT 2008
Dirk Meyer pisze:
> IF you have the script on your PC and not from a server. It makes no
> sense to talk about e2e security when you receive your XMPP client
> from a server just before you use it. Even better: most Javascript
> files are send over HTTP, not HTTPS.
I trust MY server. I trust files I received from My server.
Communication Me<->MyServer<->He is secured in my opinion. But
Me<->MyServer<->HisServer<->He isn't (I don't trust administrator of
HisServer).
But maybe You're right -- it makes no sense...
--
Bartosz Małkowski
JID: bmalkow at malkowscy.net
More information about the Security
mailing list