On Thu Jan 15 15:35:57 2009, Okano, Stephen wrote:
> I have been following the forums on end-to-end encryption for a
> while as I am involved in a project developing group end-to-end
> encryption. It looks like the XEPs currently are focused on e2e
> encryption between two entities. Is there any framework for
> implementing encryption in a Multi-User Chat framework?
Not really, but various approaches have been tried in the field.
> If so which XEPs are most relevant? We have extended pidgin's
> implementation of XMPP to enable group e2e encryption using our own
> XMPP tags, but I can imagine there might already be a standardized
> way for specifying group e2e in XMPP. Thanks for any help!
Encryption in a MUC implies encrypting the message such that all
authorized occupants can see it.
There are essentially two approaches:
1) The sender encrypts for each occupant of the room (i.e., the master
key is sent to each authorized occupant).
2) The sender encrypts for the room, the room encrypts for each
occupant.
(2) can be achieved using e2e encryption with the room or MUC
service, of course, but requires the room itself be trusted - I think
it's the more sensible approach, however, for most circumstances,
although it needs special server support.
(1) could be done if each occupant sent, individually, the same
master key encrypted for each individual occupant, and then, using
their master key, encrypted each message prior to sending to the MUC,
signed with their public key. You could do this without server
support, or else you could combine both approaches.
I suspect that even for (2), you'd want to sign each stanza to avoid
at least forgery, and that's useful technology on its own, since we
can reuse that for authenticated retransmissions of various kinds,
such as PubSub. There are a few deployed sites doing
PKI-authenticated stanzas, I think.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade