[Security] PGP (XEP-0027)

Jonathan Dickinson jonathan.dickinson at k2.com
Thu Jun 4 17:23:06 CDT 2009


> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Simon Josefsson
> Sent: 03 June 2009 09:50 AM
> To: XMPP Security
> Subject: Re: [Security] PGP (XEP-0027)
> 
> Justin Karneges <justin at affinix.com> writes:
> 
> > On Tuesday 02 June 2009 22:24:07 Simon Josefsson wrote:
> >> I'm not aware of well
> standardized online password-based solutions, without a trusted third
> party (think Kerberos), that have good properties except for SRP.  PSK
> based on a password has offline dictionary attack concerns.  Does anyone
> recall discussion of other options?

Just to throw a spanner in the works - we *do* have a trusted third party. Jabber.org - or at least one of the user's servers. Although what would the ramifications be of releasing Kerberos on poor unsuspecting Jabber users?

> 
> /Simon

