[Standards-JIG] Many to many e2e encryption (JEP-116)

Nolan Eakins sneakin at semanticgap.com
Fri Nov 25 23:31:25 UTC 2005


Trejkaz wrote:
> On Friday 25 November 2005 22:04, Pierre THIERRY wrote:
> 
>>I don't see any other scenario that would scale up correctly with the
>>number of recipients growing (sending a specificly encrypted message for
>>each final recipients to the global one would just bloat the message of
>>there is many recipients, but maybe this is not a real problem if
>>confidentiality really matters).

You wouldn't have to re-encrypt the whole message for everyone. We could 
do something like PGP in that a key is encrypted w/ a public-key. We'd 
end up seeing an encrypted stanza followed by a bunch of encrypted keys 
for each person.

> One interesting possibility: assuming the format of this message is fairly 
> transparent, you could have the MUC room cut out the bulk of the keys in the 
> message such that each user only gets the key they need.  In such a fashion, 
> the message bulk would only occur when sending, and never when receiving, and 
> the server still never gets a chance to spy on the messages.

If each occupant did the encryption, then having MUC strip out unneeded 
encrypted keys would be icing on the cake. Not needed, but nice to have.

There's then the issue of getting keys out to the other occupants. The 
personal pub/sub service would work, but it would have to work through 
MUC...

- Nolan

-- 
SemanticGap: To act as one (TM) -- http://www.semanticgap.com/
Instant awareness & messaging * Online presence design
Cross platform and agile development



More information about the Standards mailing list