Jonathan Schleifer wrote:
Am 18.08.2008 um 21:22 schrieb Dirk Meyer:That is not an option for me. I want bots to talk to each other. They can not use the phone.That's why for example ESessions doesn't only provide SAS, but also using public keys. It does not need to use public keys, but it can. This is indeed *VERY* nice as there's no need to generate a key then.I still think that ESessions is *THE* solution for encrypted IM.
Except that it's an unanalyzed technology. TLS has undergone years and years of analysis and hardening. I like the ideas behind ESessions and real security folks who've glanced at it seem to think it's not entirely dodgy, but that doesn't mean it would withstand a full security analysis.
Plus using TLS enables us to re-use code for the client-to-server, server-to-server, link-local, and end-to-end scenarios. I consider that a good thing.
/psa
smime.p7s
Description: S/MIME Cryptographic Signature
