[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Draft Minutes of OpenPGP
On Thu, 4 Aug 2005, Ian Grigg wrote:
> Currently, IM is mostly unsecured (there is this thing
> to do with SSL to the server, but as the threat is on
> the node, that's ignorable). The way to approach
> securing chat (IMHO) is to layer OpenPGP over the
> top in a transparent fashion.
OpenPGP has a lot of characteristics that one wouldn't particularly want
in an IM privacy protocol. You might want to take a look at the "Off The
Record Messaging" system designed by Goldberg and Borisov. Their WPES
paper addresses the rationale behind ditching the OpenPGP threat model.
(More generally, I agree with the sentiment that ASCII-armored OpenPGP is
important for use with other protocols besides email, and should be the
canonical format for OpenPGP, email and otherwise.)