Hello everybody,

My name is Michael Fischinger and I am doing some research at the Salzburg University of Applied Science; in particular, it's about XMPP security. I just read through the latest internet draft about End-to-End Object Encryption and Signatures for the Extensible Messaging and Presence Protocol (XMPP) (http://www.ietf.org/archive/id/draft-miller-xmpp-e2e-07.txt). I am not very experienced with XMPP and its security so far. Thus I have a question according to the following quotation, which I have from http://op-co.de/blog/tags/xmpp/:

"In the light of last year's revelations, it should be clear to everybody that end-to-end encryption is an essential part of any modern IM suite. Unfortunately, XMPP is not there yet. The XMPP Ubiquitous Encryption Manifesto is a step into the right direction, enforcing encryption of client-to-server connections as well as server-to-server connections. However, more needs to be done to protect against malicious server operators and sniffing of direct client-to-client transmissions."

So my question is: What is actually the problem with the latest XMPP end-to-end encryption and signing approaches, and why isn't it safe against malicious server operators and sniffing of direct client-to-client transmissions? And is there anything else I should know?

I would be glad if anyone could help me! I look forward to hearing from you.

Yours sincerely,
DI Michael Fischinger

--
FACHHOCHSCHULE SALZBURG GmbH
Salzburg University of Applied Sciences
DI Michael Fischinger
Research Associate
Informationstechnik & System-Management (ITS)
Urstein Süd 1 | 5412 Puch/Salzburg | Austria
fon: +43 (0)50 2211 1309
fax: +43 (0)50 2211 1349
web: www.fh-salzburg.ac.at
Place of jurisdiction: Salzburg | FN166054y