[Standards] end to end encryption vs. usability and feature

Peter Saint-Andre stpeter at jabber.org
Tue Feb 27 01:05:10 UTC 2007


Olivier Goffart wrote:
> On Monday 26 February 2007, Remko Tronçon wrote:
>>> So to work, we need a simple, automatic, and transparent (for the user)
>>> way to do e2e encryption.
>> This is indeed what Peter said on the XMPP talk at FOSDEM, and this is
>> (a part of) the goal for our end to end encryption schemes, including
>> OTR.
> 
> Yes. (I was at the talk at FOSDEM.)
> But what I say is that it's *impossible*.
> All protocols such as OTR use the server to share public keys.
> But the server is one "Man in the middle" candidate.
> 
> It would be really simple to write a module for any server that would log any 
> chat, even if they use OTR.
> 
> So it adds zero security (considering all network links are encrypted with TLS).

Our protocol does not use the server to share server keys. Please read 
the specs before you comment.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

