Another entry in the internet security hall of shame....

Peter Saint-Andre stpeter at jabber.org
Fri Aug 26 10:53:12 EDT 2005


Adam Back wrote:
> Thats broken, just like the "WAP GAP" ... for security you want
> end2end security, not a secure channel to an UTP (untrusted third
> party)!

Well, in the Jabber/XMPP world you can run your own server (just as you 
can in the email world). I see no harm in e2m channel encryption in that 
(or any other) case if you've got a client-server architecture. Granted, 
e2e security is also desirable.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3511 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20050826/b91984ab/attachment.bin>


More information about the cryptography mailing list