I am struggling tonight (well, early this morning). I am trying to decide on a good topic for the security class I am taking at St. Thomas. My three favorite areas might be:
1. Jabber/IM security
2. MD5 third-party JAR trust testing within web applications
3. intrusion detection software
I think that with respect to Jabber, I know I could probably set up some kind of interface that looks at having a secure tip-to-tail client experience. IM clients today typically transmit in cleartext, and persist records of conversations similarly. Using PGP, digital signatures, and encryption of the stored message history, I think that I could demonstrate the case for a secure IM situation. For instance, now a criminal could simply get the cleartext off your machine rather than intercept all of the individual messages.
This article suggests an approach called Off-the-Record for implementing signed IM transfers.
This article discusses using emails for the keys; similarly, the user's Jabber ID could be used for this purpose.
Jive is a new server that runs on XMPP.
Posted by ledlogic at March 15, 2005 01:38 AM