> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Simon Josefsson
> Sent: 03 June 2009 09:50 AM
> To: XMPP Security
> Subject: Re: [Security] PGP (XEP-0027)
>
> Justin Karneges <[email protected]> writes:
>
> > On Tuesday 02 June 2009 22:24:07 Simon Josefsson wrote:
> >> I'm not aware of well
> standardized online password-based solutions, without a trusted third
> party (think Kerberos), that have good properties except for SRP. PSK
> based on a password has offline dictionary attack concerns. Does
> anyone recall discussion of other options?

Just to throw a spanner in the works - we *do* have a trusted third party. Jabber.org - or at least one of the user's servers. Although what would the ramifications be of releasing Kerberos on poor unsuspecting Jabber users?

>
> /Simon
