[Standards] Any protocol to request encrypted connections?

Peter Saint-Andre stpeter at jabber.org
Tue Feb 6 16:39:07 UTC 2007


Ralph Meijer wrote:
> On Tue, 2007-02-06 at 16:19 +0000, Richard Dobson wrote:
>>> why not jingle and use p2p udp with encryption of text?  but to be
>>> honest sharing gpg keys between endpoints works well for me
>> I have a feeling that won't work for what Matthias wants, I believe he 
>> wants a method of ensuring the messages are delivered over encrypted 
>> connections along the way but keeping the ability of servers to be able 
>> to log those messages for compliance reasons, so any form of e2e where 
>> the servers cannot decode the content is pretty much out in this situation.
> 
> Given that you would need to trust all entities in the path between
> end-points, I expect a better (only) approach would be to only route e2e
> encrypted traffic that can also be decrypted by the logging server, or
> something.

IMHO that's not really e2e encryption, then. :-)

Given the existence of certain government regulations, I understand the 
effective need to log communications at the server side, especially in 
enterprise environments. Such organizations will probably not allow 
their employees to use end-to-end encryption. But they might want to 
ensure that a stanza is sent over encrypted channels all along the 
routing path (c2s at local domain, s2s between local domain and foreign 
domain, c2s at foreign domain). I think that such organizations will 
probably open up interdomain federation only with trusted partners and 
suppliers. So they will sign some kind of business level agreement that 
involves promises of channel encryption (either categorically or upon 
request). If channel encryption is not required categorically, the 
question then becomes: how do you request that a stanza must be 
delivered only over encrypted channels? Can you request it for a given 
chat session, request it between two given entities, etc.?

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml
