Hello Alexey, Thank you for your prompt reply, please, help me with the following comments.
Wednesday, October 27, 2004, 10:56:43 AM, you wrote: > В сообщении от Среда 27 Октябрь 2004 11:48 Alex Kogan написал(a): >> Hi everyone, >> >> I'm new to this mailing list. And I have a question to all Jabber >> developers concerning security issues. I'm working on a Jabber-like >> protocol for one-to-many chatting, it will be simpler and used for >> local needs mostly. I'm writing a server in PHP and would like to >> find the best way to protect communication in this protocol from >> sniffing. Is this possible? I was reading through the Jabber RFC and >> seems that I should look deeper into the TSL and SASL issues. > TLS provides extra crypto-layer so all data passed forth and back will be > protected - just like if you working via SSH, for example. >> However, I was not able to get the idea of how these security issues >> work in practice. Can you help me giving a practical advice on >> implementing client-server communication which is somehow encrypted >> and still be possible to read for server/client and >> sniffing-protected at the same time? I also had a look into >> class.jabber.php and its SendAuth() method, but again, I failed to >> get the idea of md5() encoding. Is the whole conversation encoded >> further? > Old auth uses md5 method for authentication. The password is not decodeable - > the provided info is just enough only for auth. >> >> Thank you. Hoping you can help me, at least show the right direction >> for me. > You should really consider using TLS. This is what I cannot understand to the bottom of things. Which definite steps are involved in this usage? How do I start and go on with encryption? > And, BTW - why not use jabber for it? It have support for one-to-many chat. It > have name Multi-User-Chat (JEP-0045) Jabber protocol is very superfluous for our needs, that is why I'm going to rework the protocol and add some very reserved functionality it does not have now. -- Best regards, Alex mailto:[EMAIL PROTECTED] _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mail.jabber.org/mailman/listinfo/jdev
