Is using JABBER really secured?
1 Attachment(s)
Hi,
Everyone on this board knows the technique of the man in the middle. I would like to start the discussion about jabber. http://www.jabber.org/ Is that really wise to use jabber, or psi, and so on? http://lifehacker.com/289097/chat-wi...er-google-talk Here find a shot of trusting, sometimes, blind'y... |
Your question seems to combine the protocol (jabber) and user acceptance of certificates (pki) which are 2 completely separate things - which one are you concerned about ?
|
Quote:
- Well, actually Jabber is considered (in the title). Servers, jabbers, man in middle, and others |
Jabber (XMPP) supports TLS and SASL for encryption, there are several RFC's which cover different aspects of the protocol, the primary ones being - 3920, 3921, 3922, 3923. You may be interested in reading 3920 and 3923 (End-to-end signing and object encryption). I guess you would still be vulnerable to dns poisoning attacks (think MITM) but that's not really an issue with XMPP itself.
cheers |
All times are GMT -5. The time now is 10:26 AM. |