[Standards-JIG] Secure Groupchat (was Re: The Great EncryptionDebate)

Ian Paterson ian.paterson at clientside.co.uk
Tue Aug 16 21:29:10 UTC 2005


> Ideally, secure groupchat should work over regular groupchat 
> servers, and only the participants would have the keys.

Yes, we can't trust the server. Whenever someone joins they should have
to negotiate keys with at least one of the participants.

> Speaking of conference rooms, I was just looking at some SILC 
> documents, and one technique they use is to change the session
> key every time someone enters or exits the room.

Seems like a sensible minimum.

> One nice thing about the above method is that it means 
> all participants should be available at the time of key
> negotiation (or renegotiation)

Not a problem for groupchat.

> which may open the door to some sort of multi-party
> diffie-hellman (if such a thing exists

[snip]

> Another issue with groupchat is message signing.  With 
> one-to-one sessions it is clear who is sending which
> message (if it wasn't you, then it was the 
> other guy).  However, with groupchat it seems that the 
> stanzas will need to be public key signed. I'm not sure
> yet how this would affect repudiability.

Maybe you're looking for something like (deniable) ring authentication?
http://www.wisdom.weizmann.ac.il/~naor/PAPERS/denring.pdf

- Ian




More information about the Standards mailing list