[OTR-users] Reasonably secure conference / chat rooms now?

Gregory Maxwell gmaxwell at gmail.com
Mon Jun 21 12:25:41 EDT 2010


On Mon, Jun 21, 2010 at 11:15 AM, Paul Wouters <paul at cypherpunks.ca> wrote:
> On Sun, 20 Jun 2010, Daniel Clark wrote:
>
>> Does anyone know of a way, using OTR related or other protocols, to do
>> reasonably secure multi-party chat?
>> I found the mpOTR paper - http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf -
>> but could not find any software that implements the protocol.
>
> Assuming you do not need deniability across multiple parties, the easy
> answer would be using a dedicated jabber server/room that only allows
> encrypted connections either via SSL or by only allowing VPNs
> access to the jabber service.
>
> That's what my company uses right now.


Like many things in security the real concerns and threats are not
black and white.

You may not need strong deniability, ... but on the other hand the
jabber server sees the cleartext of all participants and can be
configured to log it (I understand this is even seen as an advantage
of running your own jabber server). So it doesn't necessarily provide
any deniability or even confidentiality if an attacker is able to gain
access to the server, potentially in the far future.

I hope that the difficulty of hard deniability, which is a nice thing
to have but which has questionable _legal_ usefulness especially in
the multi-party context, isn't getting in the way of anyone developing
a solid multi-party chat protocol with strong group confidentiality.


