[Security] PGP (XEP-0027)
Jonathan Dickinson
jonathan.dickinson at k2.com
Thu Jun 4 17:23:06 CDT 2009
> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Simon Josefsson
> Sent: 03 June 2009 09:50 AM
> To: XMPP Security
> Subject: Re: [Security] PGP (XEP-0027)
>
> Justin Karneges <justin at affinix.com> writes:
>
> > On Tuesday 02 June 2009 22:24:07 Simon Josefsson wrote:
> >> I'm not aware of well
> standardized online password-based solutions, without a trusted third
> party (think Kerberos), that have good properties except for SRP. PSK
> based on a password has offline dictionary attack concerns. Does anyone
> recall discussion of other options?
Just to throw a spanner in the works - we *do* have a trusted third party. Jabber.org - or at least one of the user's servers. Although what would the ramifications be of releasing Kerberos on poor unsuspecting Jabber users?
>
> /Simon