[Standards-JIG] Many to many e2e encryption (JEP-116)

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Mon Nov 28 23:09:14 UTC 2005


On Friday 25 November 2005 03:04, Pierre THIERRY wrote:
> I don't see any other scenario that would scale up correctly with the
> number of recipients growing (sending a specificly encrypted message for
> each final recipients to the global one would just bloat the message of
> there is many recipients, but maybe this is not a real problem if
> confidentiality really matters).

If there are 50 groupchat participants, all sharing the same session key, then 
there is no need to have the same message encrypted 50 times.  Just encrypt 
the message once, with the one known session key.  Sign it with the sender's 
public key.  O(1) or something.

The trick, of course, is finding a way to distribute the session key, and it 
would probably be a good idea to change it every time someone joins or leaves 
(see SILC).  And then on top of that you need some sort of access control 
over who can join the room (e.g. at the very least, it should require an 
invite from an existing participant, or perhaps a password-protected room).

-Justin



More information about the Standards mailing list