[Standards] end to end encryption vs. usability and feature

Olivier Goffart ogoffart at kde.org
Mon Feb 26 21:45:45 UTC 2007


On Monday 26 February 2007, Remko Tronçon wrote:
> > So to work, we need a simple, automatic and transparent way for the user
> > to do e2e encryption.
>
> This is indeed what Peter said in the XMPP talk at FOSDEM, and this is
> (a part of) the goal for our end to end encryption schemes, including
> OTR.

Yes. (I was at the talk at FOSDEM.)
But what I say is that it's *impossible*.
All protocols such as OTR use the server to share public keys.
But the server is one "man in the middle" candidate.

It would be really simple to write a module for any server that would log any 
chat, even if they use OTR.

So it adds zero security (considering all network links are encrypted with TLS).