[Standards] end to end encryption vs. usability and feature
ogoffart at kde.org
Mon Feb 26 21:45:45 UTC 2007
Le lundi 26 février 2007, Remko Tronçon a écrit :
> > So to work, we need a simple, and automatic and transparent for the user
> > way to do e2e encryption.
> This is indeed what Peter said on the XMPP talk at FOSDEM, and this is
> (a part of) the goal for our end to end encryption schemes, including
Yes. (I was on the talk at FOSDEM.)
But what I say is that it's *impossible*.
All protocols such as OTR uses the server to share public keys.
But the server is one "Man in the middle" candidate.
It would be really simple to write a module for any server that would log any
chat, even if they use OTR.
So it add zero security. (considered all network links are encrypted with TLS)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Standards