-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6/4/09 4:23 PM, Jonathan Dickinson wrote:
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Simon Josefsson
>> Sent: 03 June 2009 09:50 AM
>> To: XMPP Security
>> Subject: Re: [Security] PGP (XEP-0027)
>>
>> Justin Karneges <[email protected]> writes:
>>
>>> On Tuesday 02 June 2009 22:24:07 Simon Josefsson wrote:
>>>> I'm not aware of well
>> standardized online password-based solutions, without a trusted
>> third party (think Kerberos), that have good properties except for
>> SRP. PSK based on a password has offline dictionary attack
>> concerns. Does anyone recall discussion of other options?
>
> Just to throw a spanner in the works - we *do* have a trusted third
> party. Jabber.org - or at least one of the user's server. Although
> what would the ramifications be of releasing Kerberos on poor
> unsuspecting Jabber users?

I don't think that jabber.org is a trusted third party, and I'm in
charge of jabber.org. ;-)

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkooS9kACgkQNL8k5A2w/vzA4QCgmpOJ/u4BVfaE/ZtIbHnF3f4O
tPMAoIr3P2PmOZJIBgCCIY7ILVJD8U9w
=m/pV
-----END PGP SIGNATURE-----
