[Security] GSoC proposal: Identity-based end-to-end encryption for XMPP

Eric Rescorla ekr at rtfm.com
Tue Mar 15 09:32:06 CST 2011


On Tue, Mar 15, 2011 at 8:20 AM, David Núñez <dnunez at lcc.uma.es> wrote:
> The idea is to use the XMPP servers as Key Generation Centers (KGC), since they already provide procedures for user authentication. Thus, the project would have to develop the server components required to issue private keys to users, among others. I think that the fact that the JID of the user you want to securely communicate could act as a public key is interesting to the XMPP protocol.

Yes, this does not add any value over a standard PKI system.

-Ekr

> However, I am aware that there have been several responses to my proposal, and it seems that it is not very interesting to XMPP. I would like to thank you for your thoughtful insights. As one of you suggested in a previous response, I will study in more depth the current problems in end-to-end communication in XMPP and try to propose something else. I was hoping to participate in this Google Summer of Code edition. Any ideas that could be arranged as a proposal?
>
> Best regards,
> David.
>
> El 15/03/2011, a las 15:47, Eric Rescorla escribió:
>
>> On Tue, Mar 15, 2011 at 7:14 AM, David Núñez <dnunez at lcc.uma.es> wrote:
>>> Thank you for your response. Respect to your first point, one advantage of the proposed scheme is that it is an alternative to digital certificates and its associated distribution infrastructure, as it relies on the identity of the users as public keys.
>>
>> I don't know what this means. An IBE system requires a central key
>> generation server which needs to
>> verify users identities and only issue keys when appropriate. The
>> processing done by the KGS looks
>> very much like that done by a CA.
>>
>> The primary advantage of an IBE system is that you can encrypt to
>> people whose credentials you
>> don't have (and may not even have any yet). However, since this is a
>> real-time exchange, that benefit
>> does not applyhere.
>>
>> -Ekr
>
>


More information about the Security mailing list