[Standards] end to end encryption vs. usability and feature
stpeter at jabber.org
Tue Feb 27 01:05:10 UTC 2007
Olivier Goffart wrote:
> Le lundi 26 février 2007, Remko Tronçon a écrit :
>>> So to work, we need a simple, and automatic and transparent for the user
>>> way to do e2e encryption.
>> This is indeed what Peter said on the XMPP talk at FOSDEM, and this is
>> (a part of) the goal for our end to end encryption schemes, including
> Yes. (I was on the talk at FOSDEM.)
> But what I say is that it's *impossible*.
> All protocols such as OTR uses the server to share public keys.
> But the server is one "Man in the middle" candidate.
> It would be really simple to write a module for any server that would log any
> chat, even if they use OTR.
> So it add zero security. (considered all network links are encrypted with TLS)
Our protocol does not use the server to share server keys. Please read
the specs before you comment.
XMPP Standards Foundation
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards