[Standards-JIG] RE: Encrypted sessions

Peter Saint-Andre stpeter at jabber.org
Thu Jun 8 16:19:34 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ian Paterson wrote:
> Jean-Louis wrote:
>> The JEP-116 without "offline encryption" 
>> will be even more secure, because there won't be any inter 
>> session key material left to be compromised. This is what 
>> real Perfect Forward Secrecy is about. 
> 
> Since the alternative is no encryption of offline messages, it could
> hardly be "even more secure". ;-)
> 
> Offline messages would still benefit from Perfect Forward Secrecy,
> although PFS would not start until the user came online.
> 
>> The added complexity comes in the management of crypto material
> between 
>> sessions (check, remove, add, etc...) just for the sake of 
>> "offline encryption". Without this part, JEP-116 
>> implementation is straightforward. Is the added complexity 
>> worth the effort?
> 
> IMHO yes, absolutely (see above).
> 
> Note that offline encryption is already optional (MAY), so implementors
> can decide for themselves.
> 
> If it makes it easier for implementors I suppose we could consider
> spliting the document into two JEPs?
> 
> After all, online-only encryption is better than no encryption at all.
> ;-)

We've had many discussions about this, starting back when JEP-0116 was
first published. Some people wanted support for encryption of offline
messages, others (including DizzyD and I as authors of the original
spec) never thought it was important. If the person you want to chat
with is offline, you have many options:

1. Wait until the person is online (presence rocks).

2. Send one offline message saying "ping me when you're online".

3. Send encrypted email saying "let's set up a time to chat".

Etc.

Peter

- --
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEiE4VNF1RSzyt3NURAlIVAJ95fP0UexG7H7aR2jS+w249S0c7lwCg5PUg
GqR53kM21JEOKTK6vp0I9WE=
=aHCy
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20060608/ac55b110/attachment.bin>


More information about the Standards mailing list