[Standards-JIG] Many to many e2e encryption (JEP-116)
justin-keyword-jabber.093179 at affinix.com
Tue Nov 29 19:42:19 UTC 2005
On Tuesday 29 November 2005 13:50, Nolan Eakins wrote:
> Justin Karneges wrote:
> >How so? It should be possible to send symmetrically encrypted messages
> > and negotiate session keys without the MUC service knowing the keys.
> What you're proposing does not require the MUC service to do the
> encryption? Could you provide an outline of how you think it should work?
Well, just consider how JEP-0116 works. A session key is negotiated, and
messages are exchanged, all without the server having to be "esession"-aware.
In order for the intended recipients to be able to decrypt the message, they
simply need the decryption key. This is commonly possible with symmetric
encryption keys, where there are almost always at least two parties that can
decrypt the same message. Also, consider for a moment that even an
asymmetric private key, like RSA, could be known by more than one user.
Thus, avoiding the "encrypt N times" problem is straightforward: ensure the
recipients have the decrypting key.
More information about the Standards