On Tue, Mar 15, 2005 at 12:54:19PM -0600, Peter Saint-Andre wrote:
> Why not help us make Jabber/XMPP more secure, rather than overloading AIM? With AIM/MSN/Yahoo your account will always exist at the will of

Unfortunately, I already have a large network of people who use AIM, and >they< all each have large networks of people who use AIM. Many of them still use the AIM client. Getting them to switch to gaim is feasible. Getting them to switch to Jabber is not. However, getting them to switch to gaim first, and then ultimately Jabber might be an option. Frankly, the former is more important to me in the short term.

> AOL, whereas with XMPP you can run your own server etc. Unfortunately

Does "can" == "have to"? From what I remember of trying to run Jabber a few years ago, it did.

> the original Jabber developers did not build encryption in from the beginning and the existing methods have not been implemented widely (OpenPGP over Jabber) or are not very Jabberish (RFC 3923), so we need to improve what we have. Contributions welcome. See here for pointers:
>
> http://www.saint-andre.com/blog/2005-03.html#2005-03-15T11:23

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
On Tue, Mar 15, 2005 at 02:02:31PM -0500, Adam Fields wrote:
> On Tue, Mar 15, 2005 at 12:54:19PM -0600, Peter Saint-Andre wrote:
> > Why not help us make Jabber/XMPP more secure, rather than overloading AIM? With AIM/MSN/Yahoo your account will always exist at the will of
>
> Unfortunately, I already have a large network of people who use AIM, and >they< all each have large networks of people who use AIM. Many of them still use the AIM client. Getting them to switch to gaim is feasible. Getting them to switch to Jabber is not. However, getting them to switch to gaim first, and then ultimately Jabber might be an option. Frankly, the former is more important to me in the short term.

Yep, the same old story. :-)

> > AOL, whereas with XMPP you can run your own server etc. Unfortunately
>
> Does "can" == "have to"? From what I remember of trying to run Jabber a few years ago, it did.

No, we have 200k registered users on the jabber.org server and some servers have even more. You can run your own server, though, and accept connections only from other servers you trust, etc.

/psa
In message <20050315192048.GA25086@jabber.org>, Peter Saint-Andre writes:
> On Tue, Mar 15, 2005 at 02:02:31PM -0500, Adam Fields wrote:
> > On Tue, Mar 15, 2005 at 12:54:19PM -0600, Peter Saint-Andre wrote:
> > > Why not help us make Jabber/XMPP more secure, rather than overloading AIM? With AIM/MSN/Yahoo your account will always exist at the will of
> >
> > Unfortunately, I already have a large network of people who use AIM, and >they< all each have large networks of people who use AIM. Many of them still use the AIM client. Getting them to switch to gaim is feasible. Getting them to switch to Jabber is not. However, getting them to switch to gaim first, and then ultimately Jabber might be an option. Frankly, the former is more important to me in the short term.
>
> Yep, the same old story. :-)
>
> > > AOL, whereas with XMPP you can run your own server etc. Unfortunately
> >
> > Does "can" == "have to"? From what I remember of trying to run Jabber a few years ago, it did.
>
> No, we have 200k registered users on the jabber.org server and some servers have even more. You can run your own server, though, and accept connections only from other servers you trust, etc.

Let me second the recommendation for jabber (though I wish the code quality of some of the components were better). The protocol itself supports TLS for client-to-server encryption; you can also have AIM (or other IM) gateways on that server. In many situations (i.e., wireless), it protects the most vulnerable link from eavesdropping. While clearly not as good as end-to-end encryption, it's far better than nothing, especially in high-threat environments such as the IETF... (Of course, I only know of one open source client -- psi -- that checks the server certificate.) In theory, server-to-server communications can also be TLS-protected, though I don't know if any platforms support that.

On top of any other encryption, many implementations support PGP encryption between correspondents. I don't know of any support for e2e-encrypted chat rooms.

I haven't played with OTR, nor am I convinced of the threat model. That said, what you really need to watch out for is the transcript files on your own machine...

--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
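
Added example, not part of the thread or of any client's code: a sketch of the client-side policy behind the two points in the message above, using XMPP STARTTLS and actually checking the server certificate. The JID, the sample `<stream:features/>` strings and all function names are constructed for illustration; the certificate is checked against the domain part of the JID.

```python
import ssl
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample stream features (not captured from a real server).
OFFERED = ("<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
           "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
           "</stream:features>")
CLEARTEXT_ONLY = ("<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
                  "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
                  "<mechanism>PLAIN</mechanism></mechanisms></stream:features>")

class TlsPolicyError(Exception):
    """The stream cannot be secured the way this client requires."""

def starttls_offer(features_xml):
    """Classify a <stream:features/> element: 'required', 'optional' or 'absent'."""
    features = ET.fromstring(features_xml)
    if features.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("not a stream:features element")
    offer = features.find(f"{{{NS_TLS}}}starttls")
    if offer is None:
        return "absent"
    required = offer.find(f"{{{NS_TLS}}}required") is not None
    return "required" if required else "optional"

def verifying_context():
    """TLS context that validates the chain and the host name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True            # stated explicitly: this is the check
    ctx.verify_mode = ssl.CERT_REQUIRED  # the message says most clients skip
    return ctx

def plan_upgrade(jid, features_xml):
    """Return (starttls_command, tls_context, expected_host) or refuse."""
    # Strip the resource first, then the local part, to get the JID domain.
    domain = jid.split("/", 1)[0].split("@", 1)[-1]
    if starttls_offer(features_xml) == "absent":
        # Do not fall back to sending credentials over an unencrypted stream.
        raise TlsPolicyError(f"{domain} did not offer STARTTLS")
    return f"<starttls xmlns='{NS_TLS}'/>", verifying_context(), domain

if __name__ == "__main__":
    command, ctx, host = plan_upgrade("alice@jabber.org/laptop", OFFERED)
    print(command, host, ctx.verify_mode)
```

After the server answers `<proceed/>`, the client would wrap the socket with `ctx.wrap_socket(sock, server_hostname=host)`, which fails the handshake if the certificate does not match `host`.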