[OTR-users] OTR and CHAT question

Greg Troxel gdt at ir.bbn.com
Thu Jan 25 09:59:01 EST 2007


Ian Goldberg <ian at cypherpunks.ca> writes:

> On Wed, Jan 24, 2007 at 03:33:49PM -0500, Jiann-Ming Su wrote:
>> If your jabber server supports client-to-server encryption, then the
>> jabber chats should also be encrypted.  In fact, using OTR with
>> encrypted jabber IM sessions isn't completely necessary.  Doesn't
>> hurt, though.
>
> That's only true if you run your own Jabber server that everyone trusts.
> Client-to-server encryption doesn't help if someone else runs the server
> itself and can read/modify the messages there.
>
>    - Ian

Also, c2s encryption doesn't provide deniability and does not
necessarily provide PFS....

Further, "necessary" is an individual judgement (which should be)
based on threat models and costs, and it therefore doesn't make any
sense at all to make general statements about what is necessary.

I use OTR even though I run my own jabber servers and use TLS to it,
and transport-mode IPsec between servers.  You might choose to as well
if you noticed the black helicopters that follow you around :-)
