e2e all the way (Re: Another entry in the internet security hall of shame....)
Peter Saint-Andre
stpeter at jabber.org
Fri Aug 26 15:46:13 EDT 2005
Adam Back wrote:
> Well I think security in IM, as in all comms security, means security
> such that only my intended recipients can read the traffic. (aka e2e
> security).
>
> I don't think the fact that you personally don't care about the
> confidentiality of your IM messages should argue for not doing it.
> Fair enough you don't need it personally but it is still the correct
> security model. Some people and businesses do need e2e security. (It
> wasn't quite clear, you mention you advised jabber; if you advised
> jabber to skip e2e security because its "too hard"... bad call I'd
> say).
No one advised any such thing, and e2e was a requirement addressed
within the IETF by the XMPP WG, resulting in RFC 3923.
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3511 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20050826/864d102f/attachment.bin>
More information about the cryptography
mailing list