On 6/2/09 6:50 PM, David Banes wrote:
>
> On 03/06/2009, at 9:17 AM, Peter Saint-Andre wrote:
>
> On 6/2/09 3:49 PM, Dave Cridland wrote:
>>>> On Tue Jun 2 21:43:00 2009, Peter Saint-Andre wrote:
>>>>> Thanks for the clarification. Personally I'd love to have key-login to
>>>>> XMPP servers (and HTTP servers!)
>>>>
>>>> Pick the right client and server, and you can do this already, albeit
>>>> with X.509 rather than PGP.
>
> Problem is, how many people have PGP keys or X.509 certs? Even the
> security geeks on this list don't seem to use such technologies!
>
>
>> We solved a similar problem with CipherIM in '99 by creating an RSA/DSA
>> key pair during installation, using a password strength test algorithm,
>> then using the result to create conversation level session keys once an
>> SSL connection was up end to end (client-server-client).
>
>> It all worked well, even our DSD contact here liked the end result, so
>> much so we had to get a crypto export license.
>
>> Maybe the spec would allow ISVs to create an X.509 certificate at
>> install time, on demand or use a supplied one from a CA.
>
>> The security is then as strong as the end user can be bothered to put in
>> place.

Thanks for the perspective. I think that's pretty much what we're
proposing here. And only 10 years after CipherIM. ;-)

Peter

--
Peter Saint-Andre
https://stpeter.im/
