On Nov 1, 2010, at 12:34 , Stephen Pendleton wrote: > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Peter Saint-Andre > Sent: Thursday, October 28, 2010 1:41 PM > To: Jabber/XMPP software development list > Subject: Re: [jdev] Possible Off Topic but of XMPP Interest: Wiki Leaks uses > XMPP > > On 10/23/10 11:52 AM, Ernest Nova wrote: > >> They were storing the private keys of end users on their XMPP server? >> That seems like a bad idea. If they were storing the private key of the >> server itself (i.e., the certificate used for TLS), that's another story... > > A perfect illustration of the importance of the use (and implementation) of > OTR-enabled clients in today's world.
At the very least, using actual end-to-end encryption. You can still use certificates, just don't store the user's private key on the server! - m&m _______________________________________________ JDev mailing list Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
