[Standards-JIG] Many to many e2e encryption (JEP-116)

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Tue Nov 29 04:42:30 UTC 2005


On Tuesday 29 November 2005 01:23, Nolan Eakins wrote:
> Justin Karneges wrote:
> >The trick, of course, is finding a way to distribute the session key, and
> > it would probably be a good idea to change it every time someone joins or
> > leaves (see SILC).  And then on top of that you need some sort of access
> > control over who can join the room (e.g. at the very least, it should
> > require an invite from an existing participant, or perhaps a
> > password-protected room).
>
> As Ralph pointed out, doing things like that means you trust the MUC
> service.

How so?  It should be possible to send symmetrically encrypted messages and 
negotiate session keys without the MUC service knowing the keys.

-Justin



More information about the Standards mailing list