[18291] in cryptography@c2.net mail archive

Re: Another entry in the internet security hall of shame....

daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Fri Aug 26 14:27:12 2005

X-Original-To: cryptography@metzdowd.com
From: "Enzo Michelangeli" <enzomich@gmail.com>
To: <cryptography@metzdowd.com>
Date: Fri, 26 Aug 2005 23:23:55 +0800

----- Original Message ----- 
From: "Perry E. Metzger" <perry@piermont.com>
To: "Adam Back" <adam@cypherspace.org>
Cc: "Peter Saint-Andre" <stpeter@jabber.org>; <cryptography@metzdowd.com>
Sent: Friday, August 26, 2005 8:55 PM
Subject: Re: Another entry in the internet security hall of shame....

[...]
> Remember that Jabber and similar protocols also trust servers to some
> extent. Servers store and distribute valuable information like
> presence data -- it is architecturally hard to do otherwise.

Well, not really: the buddies on the list can be located through a
Distributed Hash Table such as Kademlia, and, once their IP addresses are
known, their presence can be checked by ping/pong exchange of UDP packets
every few seconds. The biggest problem is represented by NATs, but there
are techniques that can alleviate it (hole punching or, in stubborn cases,
relaying through non-NATted nodes).

> I agree that you *also* want end to end, such as pgp over Jabber
> provides. I really wish Gaim supported the pgp over Jabber stuff the
> way PSI does...

Why not get OTR then? http://www.cypherpunks.ca/otr/

Enzo
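
[Added example, not part of the original message or of any Jabber/Kademlia code: a sketch of the UDP ping/pong presence check described above, once a buddy's address is known. The 12-byte wire format, the per-ping nonce, the 10-second timeout and all names are assumptions of this example; the nonce goes beyond the message and makes a forged or replayed pong not count as presence.]

```python
import os
import time

PING, PONG = b"PING", b"PONG"  # assumed wire format: 4-byte tag + 8-byte nonce
TIMEOUT = 10.0                 # assumed: seconds of silence before "offline"

def make_ping():
    """Return (datagram, nonce); the nonce ties a pong to this ping."""
    nonce = os.urandom(8)
    return PING + nonce, nonce

def make_pong(datagram):
    """Responder side: echo the nonce of a well-formed ping, else None."""
    if len(datagram) == 12 and datagram[:4] == PING:
        return PONG + datagram[4:]
    return None

class Presence:
    """Tracks which peers answered a recent ping."""
    def __init__(self, timeout=TIMEOUT):
        self.timeout = timeout
        self.pending = {}    # (addr, nonce) -> time the ping was sent
        self.last_seen = {}  # addr -> time of the last valid pong

    def ping_sent(self, addr, nonce, now):
        # Drop unanswered pings older than the timeout so the table stays bounded.
        self.pending = {k: t for k, t in self.pending.items()
                        if now - t <= self.timeout}
        self.pending[(addr, nonce)] = now

    def on_datagram(self, addr, datagram, now):
        """Accept a pong only from the address we pinged, carrying our nonce."""
        if len(datagram) != 12 or datagram[:4] != PONG:
            return False
        if self.pending.pop((addr, datagram[4:]), None) is None:
            return False  # unknown source, wrong nonce, or a replayed pong
        self.last_seen[addr] = now
        return True

    def online(self, addr, now):
        seen = self.last_seen.get(addr)
        return seen is not None and now - seen <= self.timeout

def probe(sock, table, addr):
    """Send one ping on an already-open UDP socket and record it as pending."""
    datagram, nonce = make_ping()
    table.ping_sent(addr, nonce, time.monotonic())
    sock.sendto(datagram, addr)
```

[Calling probe() for each buddy every few seconds and feeding received datagrams to on_datagram() gives the server-less presence check; NAT traversal is not covered by this example.]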


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com