[Standards-JIG] Many to many e2e encryption (JEP-116)
kevin at kismith.co.uk
Tue Nov 29 14:31:33 UTC 2005
On 29 Nov 2005, at 04:42, Justin Karneges wrote:
> On Tuesday 29 November 2005 01:23, Nolan Eakins wrote:
>> Justin Karneges wrote:
>>> The trick, of course, is finding a way to distribute the session
>>> key, and
>>> it would probably be a good idea to change it every time someone
>>> joins or
>>> leaves (see SILC). And then on top of that you need some sort of
>>> control over who can join the room (e.g. at the very least, it
>>> require an invite from an existing participant, or perhaps a
>>> password-protected room).
>> As Ralph pointed out, doing things like that means you trust the MUC
> How so? It should be possible to send symmetrically encrypted
> messages and
> negotiate session keys without the MUC service knowing the keys.
That's the conclusion I came to. Are you trusting the MUC service to
correctly report participants though?
Psi Jabber client maintainer (http://psi-im.org/)
Postgraduate Research Student, Computer Science, University Of Exeter
More information about the Standards