I just watched the OTR webcast. It is actually pretty well thought out. FYI the webcast is here.
http://csclub.uwaterloo.ca/media/Off-the-Record%20Messaging:%20Useful%20Security%20and%20Privacy%20for%20IM.html

There are a few XMPP clients that support it already. Quite attractive.

I revoke my idea about DH, I know it has weaknesses and clearly my assumptions about SSL/TLS were incorrect :(. We could get a mathematician on the band-wagon to come up with something: but that would mean making a new standard, which XMPP isn't really about. And OTR is a standard. And it does what we want.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Rescorla
Sent: Tuesday, August 19, 2008 9:27 PM
To: XMPP Security
Subject: Re: [Security] TLS Certificates Verification

On Tue, Aug 19, 2008 at 12:06 PM, Jonathan Dickinson <[EMAIL PROTECTED]> wrote:
> Very good point Justin. Even if we implement SRP chances are that you could
> get a few lazy developers that don't quit on the documented failure points.
> Something simple to implement (I am going to read up on OTR now :)) may be a
> good solution.

Well, this is always a possibility, but PAKE-style systems are actually more robust here, since you get mismatched keys if the passwords are not equal. The major way to get hosed is to accept a bogus DH group.

-Ekr
