[Standards-JIG] Many to many e2e encryption (JEP-116)

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Tue Nov 29 19:42:19 UTC 2005


On Tuesday 29 November 2005 13:50, Nolan Eakins wrote:
> Justin Karneges wrote:
> >How so?  It should be possible to send symmetrically encrypted messages
> > and negotiate session keys without the MUC service knowing the keys.
>
> What you're proposing does not require the MUC service to do the
> encryption? Could you provide an outline of how you think it should work?

Well, just consider how JEP-0116 works.  A session key is negotiated, and 
messages are exchanged, all without the server having to be "esession"-aware.

In order for the intended recipients to be able to decrypt the message, they 
simply need the decryption key.  This is commonly possible with symmetric 
encryption keys, where there are almost always at least two parties that can 
decrypt the same message.  Also, consider for a moment that even an 
asymmetric private key, like RSA, could be known by more than one user.

Thus, avoiding the "encrypt N times" problem is straightforward: ensure the 
recipients have the decrypting key.

-Justin



More information about the Standards mailing list