[Standards] end to end encryption vs. usability and feature

Peter Saint-Andre stpeter at jabber.org
Tue Feb 27 01:05:10 UTC 2007

Olivier Goffart wrote:
> On Monday 26 February 2007, Remko Tronçon wrote:
>>> So to work, we need a simple, automatic and transparent way for the user
>>> to do e2e encryption.
>> This is indeed what Peter said on the XMPP talk at FOSDEM, and this is
>> (a part of) the goal for our end to end encryption schemes, including
>> OTR.
> Yes. (I was at the talk at FOSDEM.)
> But what I say is that it's *impossible*.
> All protocols such as OTR use the server to share public keys.
> But the server is one "Man in the middle" candidate.
> It would be really simple to write a module for any server that would log any
> chat, even if they use OTR.
> So it adds zero security. (considering all network links are encrypted with TLS)

Our protocol does not use the server to share server keys. Please read 
the specs before you comment.


Peter Saint-Andre
XMPP Standards Foundation
