Dirk Meyer dmeyer wrote: Hi,
> It makes no > sense to talk about e2e security when you receive your XMPP client > from a server just before you use it. Well, I have potential use for it: I am running chat-services for social-psychological aid. My customers do trust me with software and servers, they might or might not trust me with the content of the chats. The work of some of my customers might be subject to laws on medical secrecy, medical information protection or other (privacy) legislation. Other customers have strict protocols on storage / not storing and who should have access to the chats. Apart from this, different legislations on things like wiretapping and handing over traffic to the police in different countries might cause problems. So e2e encryption on the following path: webclient <-> my server <-> (web)client can save me and my customers a lot of headaches: being unable to know is usually the best for me. This still leaves the question open whether it is feasible to make a javascript client do XMPP over TLS over IBB over BOSH over HTTPS? ;-) best wishes, Winfried -- http://www.tilanus.com xmpp:[EMAIL PROTECTED] tel. 015-3613996 / 06-23303960 fax. 015-3614406
