List-Id: Gentoo Linux mail
In-Reply-To: <20090817093853.5f96b00f@malediction>
References: <9c74dfeb0908161919t4703bfb5u42bfb799da58f11@mail.gmail.com> <20090817093853.5f96b00f@malediction>
Date: Mon, 17 Aug 2009 17:03:12 +0200
Message-ID: <9c74dfeb0908170803k75cafb8exa6c41f3f204d9476@mail.gmail.com>
Subject: Re: [gentoo-user] Network message encryption
From: Xianwen Chen
To: gentoo-user@lists.gentoo.org

Hi Mike,

On 8/17/09, Mike Kazantsev wrote:
>
> I'm using gajim with TLS-enabled (transport-level encryption) connection
> to the servers and built-in GPG plugin to encrypt messages, containing
> some auth info, which I occasionally have to pass.
> I believe pidgin also had support for such a feature via one of the
> standard plugins.

Thanks for the information. I've checked the Wikipedia page of gajim.
It's very interesting; however, I'm not a jabber user. But I'll check it
again if any friend of mine is using jabber, since the GPG plugin is
very attractive to me.

Best regards,

Wen

>
> TLS is widely-deployed on XMPP (jabber) servers, but encryption ends at
> the server in question, so it can intercept / mangle the messages, so it
> might be a good idea to prefer large and reliable servers to
> possibly-compromised or malicious small ones.
> Furthermore, in case of XMPP, your (source) server is free to pass the
> message in unencrypted form to destination server, so message can be
> caught by any IP-sniffers on the route.
> Then there's also remote client connection, which can be unencrypted
> (no TLS/SSL) and likewise intercepted on TCP/IP level.
>
> GPG encryption requires clients on both sides to support it, but has
> the benefit that all cryptographic operations are happening on client
> machines, so server (or any intermediate host) is unable to spoof
> conversation, provided the encryption (GPG) keys aren't compromised.
>
> --
> Mike Kazantsev // fraggod.net
>

--
Xianwen Chen
Mobile: +86 13774 228909
Email: cxi000@post.uit.no; xianwen.chen@gmail.com
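
The hop-by-hop point in the quoted text, as an added example that is not part of the original message or thread: a Python check that classifies the `<stream:features/>` element an XMPP server advertises on each hop and reports which hops do not force TLS. The namespaces are those of RFC 6120; the hop names and the three captured feature elements are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"


def starttls_policy(features_xml: str) -> str:
    """Classify pre-TLS stream features as 'required', 'optional' or 'absent'."""
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("not a stream:features element")
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    if starttls is None:
        return "absent"      # hop cannot be encrypted at all
    if starttls.find(f"{{{NS_TLS}}}required") is not None:
        return "required"    # server refuses to continue without TLS
    return "optional"        # plaintext allowed unless the peer insists on TLS


def weak_hops(route: dict) -> list:
    """Return the hops on which a stanza may travel unencrypted."""
    return [hop for hop, xml in route.items()
            if starttls_policy(xml) != "required"]


_OPEN = "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
_CLOSE = "</stream:features>"

# Constructed captures, one per hop of a single message's route.
ROUTE = {
    "sender client -> server A": _OPEN
        + "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
        + _CLOSE,
    "server A -> server B": _OPEN
        + "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
        + _CLOSE,
    "recipient client -> server B": _OPEN
        + "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
        + "<mechanism>PLAIN</mechanism></mechanisms>"
        + _CLOSE,
}

if __name__ == "__main__":
    for hop, xml in ROUTE.items():
        print(f"{hop}: starttls {starttls_policy(xml)}")
    # Even with every hop 'required', servers A and B still handle plaintext;
    # only client-side (GPG) encryption removes them from the trust path.
    print("hops that may carry plaintext:", weak_hops(ROUTE))
```
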