"Adrian Rapa" <[EMAIL PROTECTED]> wrote on 16-12-2002 10:15:51: > >hi, >i have another ideea.... can there be an optionl s2s over ssl? >i mean like there is c2s clear text and c2s over ssl, there should be >also s2s over ssl, other way, the cs2 over ssl is useless when i want >to comunicate accross the servers >
SSL is not meant for end to end encryption. Even if S2S would be encrypted with SSL you data could still be compromised, since on the servers it is decoded into plain text. So using S2S for server connections would give a false sense of security. Also there is no way of knowing wether the other person you're talking to is using SSL or not. If you still want to "secure" the S2S between 2 specific server you're able to do this with a VPN or SSH tunneling. Current use of GPG/PGP with Jabber *does* do a form end to end encryption. This is documented (can't be that hard to find, probably a JEP), but I think more work is being down right now to bring it in line with XML standards. -- Tijl Houtbeckers Java/J2ME/GPRS Software Engineer @ Splendo The Netherlands _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
