[Standards-JIG] Many to many e2e encryption (JEP-116)
justin-keyword-jabber.093179 at affinix.com
Tue Nov 29 04:42:30 UTC 2005
On Tuesday 29 November 2005 01:23, Nolan Eakins wrote:
> Justin Karneges wrote:
> >The trick, of course, is finding a way to distribute the session key, and
> > it would probably be a good idea to change it every time someone joins or
> > leaves (see SILC). And then on top of that you need some sort of access
> > control over who can join the room (e.g. at the very least, it should
> > require an invite from an existing participant, or perhaps a
> > password-protected room).
> As Ralph pointed out, doing things like that means you trust the MUC
How so? It should be possible to send symmetrically encrypted messages and
negotiate session keys without the MUC service knowing the keys.
More information about the Standards