[Standards-JIG] Many to many e2e encryption (JEP-116)
sneakin at semanticgap.com
Fri Nov 25 23:31:25 UTC 2005
> On Friday 25 November 2005 22:04, Pierre THIERRY wrote:
>>I don't see any other scenario that would scale up correctly with the
>>number of recipients growing (sending a specificly encrypted message for
>>each final recipients to the global one would just bloat the message of
>>there is many recipients, but maybe this is not a real problem if
>>confidentiality really matters).
You wouldn't have to re-encrypt the whole message for everyone. We could
do something like PGP in that a key is encrypted w/ a public-key. We'd
end up seeing an encrypted stanza followed by a bunch of encrypted keys
for each person.
> One interesting possibility: assuming the format of this message is fairly
> transparent, you could have the MUC room cut out the bulk of the keys in the
> message such that each user only gets the key they need. In such a fashion,
> the message bulk would only occur when sending, and never when receiving, and
> the server still never gets a chance to spy on the messages.
If each occupant did the encryption, then having MUC strip out unneeded
encrypted keys would be icing on the cake. Not needed, but nice to have.
There's then the issue of getting keys out to the other occupants. The
personal pub/sub service would work, but it would have to work through
SemanticGap: To act as one (TM) -- http://www.semanticgap.com/
Instant awareness & messaging * Online presence design
Cross platform and agile development
More information about the Standards