[Standards-JIG] Re: The Great Encryption Debate

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Mon Aug 8 15:41:41 UTC 2005


On Monday 08 August 2005 07:35 am, David Chisnall wrote:
> Unfortunately, this weakness also means that Diffie-Hellman is not
> really suitable for key exchange on a Jabber network.  It is designed
> to prevent passive listeners from intercepting your message, not
> active ones.  It is not such a problem for SSH, because:
> a) SSH uses a fingerprint that can be verified offline (i.e. when you
> do a local login, before doing a remote access the first time), and
> b) Someone intercepting it would have to have the ability to
> intercept and re-write packets at the transport layer (which is
> difficult).

Both SSH and TLS use Diffie-Hellman without risk, because they use public key 
signatures to protect the Diffie-Hellman values.  JEP-0116 is no different.

-Justin
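
[Added example, not part of the original message and not code from JEP-0116, SSH or TLS.] A sketch of the point made in the reply above: each side signs its Diffie-Hellman value, and the peer checks that signature against a public key it already trusts before deriving the shared key. The group, the textbook RSA keys built from Mersenne primes, and all function names are constructed for illustration and are not secure parameters.

```python
import hashlib
import secrets

# Toy parameters constructed for this example (Mersenne primes): NOT secure.
P, G = 2**521 - 1, 3                      # DH modulus and base
E = 65537                                 # RSA public exponent

def rsa_keypair(p, q):
    """Textbook RSA key from two given primes (illustration only)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(dh_value):
    return int.from_bytes(hashlib.sha256(str(dh_value).encode()).digest(), "big")

def sign(priv, dh_value):
    n, d = priv
    return pow(digest(dh_value), d, n)

def verify(pub, dh_value, sig):
    n, e = pub
    return pow(sig, e, n) == digest(dh_value)

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def run_exchange(tamper):
    """Return (alice_key, bob_key), or None if a signature check fails."""
    alice_pub, alice_priv = rsa_keypair(2**521 - 1, 2**607 - 1)
    bob_pub, bob_priv = rsa_keypair(2**127 - 1, 2**1279 - 1)
    a, A = dh_keypair()
    b, B = dh_keypair()
    msg_to_bob = (A, sign(alice_priv, A))
    msg_to_alice = (B, sign(bob_priv, B))
    if tamper:
        # A party in the path swaps in its own DH value but cannot sign it
        # with Alice's or Bob's private key, so the old signatures remain.
        _, M = dh_keypair()
        msg_to_bob = (M, msg_to_bob[1])
        msg_to_alice = (M, msg_to_alice[1])
    # Each side verifies against the peer's already-known public key (the
    # role the SSH host key fingerprint plays) before using the DH value.
    if not verify(alice_pub, *msg_to_bob) or not verify(bob_pub, *msg_to_alice):
        return None
    return pow(msg_to_alice[0], a, P), pow(msg_to_bob[0], b, P)

if __name__ == "__main__":
    keys = run_exchange(tamper=False)
    print("untampered: keys match =", keys[0] == keys[1])
    print("tampered:   result =", run_exchange(tamper=True))
```

Deployed protocols sign the whole handshake transcript rather than the bare DH value, so that an old signed value cannot be replayed; the sketch leaves that out to keep the check itself visible.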


