[Standards-JIG] Re: The Great Encryption Debate

David Chisnall theraven at sucs.org
Mon Aug 8 14:35:06 UTC 2005

On 8 Aug 2005, at 14:18, Nolan Eakins wrote:

> I was wondering if the requirement some businesses and industries  
> for logging emails and IMs is being taken into account? A message  
> logger will need to be able to decrypt the data for review or  
> whatever, but once it goes past the corporate server it needs to be  
> encrypted.

The proposal using Diffie-Hellman does since Diffie-Hellman is  
vulnerable to a man-in-the-middle attack.  If you block access to all  
external Jabber servers and force employers to use the corporate one,  
then it is trivial for the server to intercept all encrypted messages  
and create an end-to-end encrypted path between itself and each  
client, giving the appearance of an end-to-end encrypted path for  
both, while maintaining the ability to eavesdrop.

Unfortunately, this weakness also means that Diffie-Hellman is not  
really suitable for key exchange on a Jabber network.  It is designed  
to prevent passive listeners from intercepting your message, not  
active ones.  It is not such a problem for SSH, because:
a) SSH uses a fingerprint that can be verified offline (i.e. when you  
do a local login, before doing a remote access the first time, and
b) Someone intercepting it would have to have the ability to  
intercept and re-write packets at the transport layer (which is  

For Jabber, it means that you have to place total trust in the  
servers at each end.  Do you trust your server admin?  I do, because  
it's me, but I'm not sure I would ask others users of my system to do  
so.  And even if they do, how do they know that the server has not  
been compromised?  When was the last time there was a vulnerability  
in Jabberd2 (there is one in the version included with the current  
OpenBSD) - what about something else in the OS that would allow the  
Jabber server to be compromised?

More information about the Standards mailing list