| 1 |
Hi Mike, |
| 2 |
|
| 3 |
On 8/17/09, Mike Kazantsev <mk.fraggod@×××××.com> wrote: |
| 4 |
> |
| 5 |
> I'm using gajim with TLS-enabled (transport-level encryption) connection |
| 6 |
> to the servers and built-in GPG plugin to encrypt messages, containing |
| 7 |
> some auth info, which I occasionally have to pass. |
| 8 |
> I believe pidgin also had support for such feature via one of the |
| 9 |
> standard plugins. |
| 10 |
|
| 11 |
Thanks for the information. I've checked the wikipedia page of gajim. |
| 12 |
It's very interesting, however, I'm not a jabber user. But I'll check |
| 13 |
it again if any friend of mine is using jabber, since the GPG plugin |
| 14 |
is very attractive to me. |
| 15 |
|
| 16 |
Best regards, |
| 17 |
|
| 18 |
Wen |
| 19 |
|
| 20 |
> |
| 21 |
> TLS is widely-deployed on XMPP (jabber) servers, but encryption ends at |
| 22 |
> the server in question, so it can intercept / mangle the messages, so it |
| 23 |
> might be good idea to prefer large and reliable servers to |
| 24 |
> possibly-compromised or malicious small ones. |
| 25 |
> Furthermore, in case of XMPP, your (source) server is free to pass the |
| 26 |
> message in unencrypted form to destination server, so message can be |
| 27 |
> caught by any IP-sniffers on the route. |
| 28 |
> Then there's also remote client connection, which can be unencrypted |
| 29 |
> (no TLS/SSL) and likewise intercepted on TCP/IP level. |
| 30 |
> |
| 31 |
> GPG encryption requires clients on both sides to support it, but has |
| 32 |
> benefit that all cryptographic operations are happening on client |
| 33 |
> machines, so server (or any intermediate host) is unable to spoof |
| 34 |
> conversation, provided the encryption (GPG) keys aren't compromised. |
| 35 |
> |
| 36 |
> -- |
| 37 |
> Mike Kazantsev // fraggod.net |
| 38 |
> |
| 39 |
|
| 40 |
|
| 41 |
-- |
| 42 |
Xianwen Chen |
| 43 |
|
| 44 |
Mobile: +86 13774 228909 |
| 45 |
Email: cxi000@××××××××.no; xianwen.chen@×××××.com |
Archives