[Standards-JIG] Many to many e2e encryption (JEP-116)

Kevin Smith kevin at kismith.co.uk
Tue Nov 29 14:31:33 UTC 2005


On 29 Nov 2005, at 04:42, Justin Karneges wrote:
> On Tuesday 29 November 2005 01:23, Nolan Eakins wrote:
>> Justin Karneges wrote:
>>> The trick, of course, is finding a way to distribute the session key, and
>>> it would probably be a good idea to change it every time someone joins or
>>> leaves (see SILC).  And then on top of that you need some sort of access
>>> control over who can join the room (e.g. at the very least, it should
>>> require an invite from an existing participant, or perhaps a
>>> password-protected room).
>>
>> As Ralph pointed out, doing things like that means you trust the MUC
>> service.
>
> How so?  It should be possible to send symmetrically encrypted messages and
> negotiate session keys without the MUC service knowing the keys.

That's the conclusion I came to. Are you trusting the MUC service to
correctly report participants though?

/K

-- 
Kevin Smith
Psi Jabber client maintainer (http://psi-im.org/)
Postgraduate Research Student, Computer Science, University Of Exeter
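
The rekey-on-membership-change idea and the roster-trust question from this thread, as an added example that is not part of the original message or of JEP-116. It assumes each participant already holds a pairwise key from an authenticated one-to-one session; the JIDs and keys are constructed, and the HMAC-based wrap is a standard-library stand-in for a real AEAD.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(pairwise_key: bytes, group_key: bytes) -> bytes:
    """Encrypt-then-MAC a 32-byte group key under one pairwise key."""
    nonce = secrets.token_bytes(16)
    stream = _prf(pairwise_key, b"enc", nonce)
    ct = bytes(a ^ b for a, b in zip(group_key, stream))
    return nonce + ct + _prf(pairwise_key, b"mac", nonce + ct)

def unwrap(pairwise_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _prf(pairwise_key, b"mac", nonce + ct)):
        raise ValueError("wrapped key failed authentication")
    stream = _prf(pairwise_key, b"enc", nonce)
    return bytes(a ^ b for a, b in zip(ct, stream))

def rekey(pairwise_keys: dict, muc_roster: list):
    """Generate a fresh group key on every join or leave.

    muc_roster is what the MUC service reports and is treated as untrusted:
    only JIDs with an authenticated pairwise key receive the new group key,
    and any other reported occupant is returned for the user to review.
    The service relays the wrapped blobs but cannot open them.
    """
    group_key = secrets.token_bytes(32)
    wrapped = {jid: wrap(pairwise_keys[jid], group_key)
               for jid in muc_roster if jid in pairwise_keys}
    unverified = sorted(set(muc_roster) - set(pairwise_keys))
    return group_key, wrapped, unverified

# Constructed sample data: two authenticated peers, one occupant that only
# the MUC service vouches for.
PAIRWISE = {
    "alice@example.org": secrets.token_bytes(32),
    "bob@example.org": secrets.token_bytes(32),
}
ROSTER = ["alice@example.org", "bob@example.org", "mallory@example.net"]

if __name__ == "__main__":
    key, wrapped, unverified = rekey(PAIRWISE, ROSTER)
    print("key sent to:", sorted(wrapped))
    print("reported by MUC but not authenticated:", unverified)
```
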




