Re: [JDEV] Re: Jabber sigs/crypto

[qbradley@csc.UVic.CA]

On Tue, 16 Feb 1999, Jeremie wrote:

> > 	- Architecture changes/extensions?  If a public-key based
> > cryptosystem is in place, there will have to be some kind of
> > infrastructure to deal with key distribution/management.  This is not
> > really too nasty, I think...but the one nasty thing I haven't thought of
> > how to handle yet is how to totally avoid (or keep to a BARE minimum) the
> > authentication between client and server...I'd like to keep pretty much
> > all authentication between client->client (with the server just acting as
> > an intermediary)...but I fear that you'll need server-client authetication
> > at each step to prevent a man-in-the-middle attack...but the problem is,
> > considering how computationally expensive these operations are, server
> > scaling would be _severely_ hampered, as too much authentication would
> > bring these machines to their knees (and we can't be like: "minimum server
> > platform: 21264" :)

Remember that there is no reason for one central monolithic server. Many
small servers would be better.  Many servers might only serve a few people
and authentication only takes place when the client starts up probably.

For encryption, the server can absolutely be taken entirely out of the
loop.  What you would do is encrypt the message text but not the tags or
recipient information.  This way the server just passes on the message,
not knowing or caring that the text of the message can't be read without
being decrypted.

Good luck!  I'm looking forward to a secure jabber :-)

Quetzalcoatl Bradley
qbradley@csc.uvic.ca