[Security] PGP (XEP-0027)

Peter Saint-Andre stpeter at stpeter.im
Thu Jun 4 17:34:01 CDT 2009


On 6/4/09 4:23 PM, Jonathan Dickinson wrote:
>> -----Original Message-----
>> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On Behalf Of Simon Josefsson
>> Sent: 03 June 2009 09:50 AM
>> To: XMPP Security
>> Subject: Re: [Security] PGP (XEP-0027)
>> 
>> Justin Karneges <justin at affinix.com> writes:
>> 
>>> On Tuesday 02 June 2009 22:24:07 Simon Josefsson wrote:
>>>> I'm not aware of well
>> standardized online password-based solutions, without a trusted
>> third party (think Kerberos), that have good properties except for
>> SRP.  PSK based on a password has offline dictionary attack
>> concerns.  Does anyone recall discussion of other options?
> 
> Just to throw a spanner in the works - we *do* have a trusted third
> party. Jabber.org - or at least one of the user's servers. Although
> what would the ramifications be of releasing Kerberos on poor
> unsuspecting Jabber users?

I don't think that jabber.org is a trusted third party, and I'm in
charge of jabber.org. ;-)

Peter

--
Peter Saint-Andre
https://stpeter.im/