Another entry in the internet security hall of shame....
Peter Saint-Andre
stpeter at jabber.org
Fri Aug 26 10:53:12 EDT 2005
Adam Back wrote:
> Thats broken, just like the "WAP GAP" ... for security you want
> end2end security, not a secure channel to an UTP (untrusted third
> party)!
Well, in the Jabber/XMPP world you can run your own server (just as you
can in the email world). I see no harm in e2m channel encryption in that
(or any other) case if you've got a client-server architecture. Granted,
e2e security is also desirable.
Peter
--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3511 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20050826/b91984ab/attachment.bin>
More information about the cryptography
mailing list