[Standards-JIG] certificate and private key retrieval

Ian Paterson ian.paterson at clientside.co.uk
Tue Mar 16 23:09:32 UTC 2004


> >> Each user's private keys can be safely stored and retrieved
> >> (in-band over an insecure connection) from their own server (today via
> >> jabber:iq:private), as long as it has been symmetrically encrypted with
> >> (a hash of) the user's password.
>
> > Interesting idea, but of course one could not use
> > the same password as the Jabber login.
>
> In fact one could use the same password. But that would require a slight
> (but fundamental) change to login policy...

All of this would allow public key encryption to be 100% transparent to the
users.

The key pair could be generated by the client when the account is created
and sent to the XMPP server.

The XMPP server signs the public key to create a certificate and makes it
available to the world. (The XMPP server also makes its own certificate -
signed by an authority - available to the world.)

- Ian