Thanks for the responses! Unfortunately the limitations of our operating environment network limit our ability to establish encrypted links between MUC servers and we cannot trust all the nodes in between end users, which does require some sort of key distribution.

Currently to implement key distribution and e2e encrypted messages I implemented a <ge2e> tag inside MUC messages. On sending chat messages we catch the output text, encrypt it and add the ge2e tag. When receiving a ge2e message, the <ge2e> data is sent to a plugin which decrypts the text and sends it back to the UI. The encrypt/decrypt mechanism could be any algorithm. We use databases to store certificates and bindings between certificates and JIDs.

We are thinking of sending the encrypted data in CMS structures so that the data is parsed through a known format. We would then make the ge2e element specify how the data inside is packed and what type of data is enclosed (encrypted text/certificates for key distro/JID-cert bindings).

Steve

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Dirk Meyer
Sent: Thursday, January 15, 2009 11:20 AM
To: XMPP Standards
Subject: Re: [Standards] MUC E2E encryption

Hi,

"Okano, Stephen" wrote:
> I have been following the forums on end-to-end encryption for a while
> as I am involved in a project developing group end-to-end
> encryption. It looks like the XEPs currently are focused on e2e
> encryption between two entities. Is there any framework for
> implementing encryption in a Multi-User Chat framework?

Not yet. I thought about it some time ago, but didn't come up with a good solution. One question: do you trust the MUC server? If you do (and only mistrust the link between your client and the MUC server), you can open an e2e link to the MUC server. But I guess you don't trust the MUC server and want to encrypt all communication in the channel. That requires some sort of key distribution.

> We have extended pidgin's implementation of XMPP to enable group e2e
> encryption using our own XMPP tags, but I can imagine there might
> already be a standardized way for specifying group e2e in XMPP.

Maybe you can send us your idea and we can find a way to make it work based on our current e2e discussions.

Dirk

--
Stress is when You wake up screaming and then realize You haven't slept at all
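
An added illustration, not code from this thread or from the poster's Pidgin extension: a receiver-side sketch of the envelope described in the top message, where the ge2e element declares how its payload is packed and what it carries, and the client checks both before handing bytes to the decryption plugin. The namespace, the `packing` and `content` attribute names and their values are assumptions, and the payload is treated as an opaque blob rather than parsed as CMS.

```python
import base64
import xml.etree.ElementTree as ET

# Hypothetical namespace and attribute vocabulary; the thread does not define them.
GE2E_NS = "urn:example:ge2e:0"
PACKINGS = {"cms"}
CONTENT_TYPES = {"encrypted-text", "certificate", "jid-cert-binding"}
MAX_PAYLOAD = 64 * 1024  # refuse oversized blobs before any decryption work


class Ge2eError(ValueError):
    pass


def build_groupchat(room_jid, packing, content, payload):
    """Wrap an already-encrypted payload in a MUC message carrying <ge2e/>."""
    msg = ET.Element("message", {"to": room_jid, "type": "groupchat"})
    ge2e = ET.SubElement(msg, f"{{{GE2E_NS}}}ge2e",
                         {"packing": packing, "content": content})
    ge2e.text = base64.b64encode(payload).decode("ascii")
    return ET.tostring(msg, encoding="unicode")


def parse_ge2e(stanza_xml):
    """Return (sender, content type, payload bytes) or raise Ge2eError."""
    msg = ET.fromstring(stanza_xml)
    # Accept the element with or without the jabber:client default namespace.
    if msg.tag.rsplit("}", 1)[-1] != "message" or msg.get("type") != "groupchat":
        raise Ge2eError("not a groupchat message")
    elems = msg.findall(f"{{{GE2E_NS}}}ge2e")
    if len(elems) != 1:
        raise Ge2eError("expected exactly one ge2e element")
    ge2e = elems[0]
    packing, content = ge2e.get("packing"), ge2e.get("content")
    if packing not in PACKINGS or content not in CONTENT_TYPES:
        raise Ge2eError("unknown packing or content type")
    try:
        payload = base64.b64decode((ge2e.text or "").strip(), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise Ge2eError("payload is not valid base64") from exc
    if not payload or len(payload) > MAX_PAYLOAD:
        raise Ge2eError("payload empty or too large")
    # 'from' (room@service/nick) is set by the MUC service; the caller maps it
    # to a stored JID-certificate binding before trusting the decrypted result.
    return msg.get("from"), content, payload
```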
