Thanks to all for the answers/suggestions... What I am thinking now is to automate the process of exchanging keys using OpenPGP key servers; after all, they are supposed to be synchronized, aren't they? Also, I will develop something to create the OpenPGP keypair (just in case the user has not used PGP before...)

Apart from that, I have been thinking about reporting a comment to the Jabber people about this... I have developed a simple solution which basically stores the public in the Jabber server in a place accessible to everyone but that only the user can write. I've been testing it and it looks nice. Should I make a more formal document and report it to jabber.org?

Finally, and considering that I will use OpenPGP to handle the encryption, should I use GnuPG? I have been looking at the BouncyCastle cryptography extension (a set of libraries to perform cryptographic functions); by using that I may avoid using GnuPG. What do you think?

Thanks again :-)

Moriano

On Sun, 05-03-2006 at 08:56 +0100, Remko Troncon wrote:
> On 04 Mar 2006, at 23:19, Michal Vaner (Vorner) wrote:
>
> > the point with PGP is that user checks and signs the key (if he
> > trusts it).
> > Therefore, key exchange can not happen automatically, since it
> > would break one of the main idea of PGP, that user knows who he
> > is encrypting to.
>
> Key exchange and key signing are still different things. Before you
> can start thinking about trust and signing, you still need to
> exchange your keys, which might be automated by your jabber client
> for more comfort. Of course, when using the key, your Jabber client
> should tell you that your key has not been signed and/or isn't
> trusted yet.
>
> cheers,
> Remko