Ian G wrote: > Using SSL is the wrong tool > for the job. It's a chat message - it should be > encrypted end to end, using either OpenPGP or > something like OTR. And even then, you've only > covered about 10% of the threat model - the > server. > > But, if people do use the wrong tool for the > job, they will strike these issues...
Wasn't this the reason that Silc (http://www.silcnet.org) was born? Because the attempts to add security as an overlay onto existing IM was the wrong way to approach the problem? Personally I use Silc for my secure conversations; I wouldn't feel much safer at all if my connection to the Microsoft server was the only part of my message encrypted. Aaron
smime.p7s
Description: S/MIME Cryptographic Signature
