Hi Mike,

On 8/17/09, Mike Kazantsev <mk.fraggod@×××××.com> wrote:
>
> I'm using gajim with a TLS-enabled (transport-level encryption) connection
> to the servers and the built-in GPG plugin to encrypt messages containing
> some auth info, which I occasionally have to pass.
> I believe pidgin also had support for such a feature via one of the
> standard plugins.

Thanks for the information. I've checked the Wikipedia page of gajim.
It's very interesting, however, I'm not a jabber user. But I'll check
it again if any friend of mine is using jabber, since the GPG plugin
is very attractive to me.

Best regards,

Wen

>
> TLS is widely deployed on XMPP (jabber) servers, but encryption ends at
> the server in question, so it can intercept / mangle the messages, so it
> might be a good idea to prefer large and reliable servers to
> possibly-compromised or malicious small ones.
> Furthermore, in case of XMPP, your (source) server is free to pass the
> message in unencrypted form to the destination server, so the message can be
> caught by any IP-sniffers on the route.
> Then there's also the remote client connection, which can be unencrypted
> (no TLS/SSL) and likewise intercepted on TCP/IP level.
>
> GPG encryption requires clients on both sides to support it, but has
> the benefit that all cryptographic operations are happening on client
> machines, so the server (or any intermediate host) is unable to spoof
> the conversation, provided the encryption (GPG) keys aren't compromised.
>
> --
> Mike Kazantsev // fraggod.net
>

--
Xianwen Chen

Mobile: +86 13774 228909
Email: cxi000@××××××××.no; xianwen.chen@×××××.com