May 15, 2004

Encryption support for Adium X

Encryption support request in Adium X. I have just posted the following bit to Adium X support forum:
There seems to have been a lot of discussion on this in the past threads, yet it would seem that for the sake of providing something "superior" nothing is available so far. While I would agree that false sense of security is worse than no security at all, it would also seem that awaiting for all major IM protocols/services to come up with *some* sort of a unified scheme is waiting in vain. I'd frankly doubt that MSN or AIM/ICQ by themselves would *ever* provide secure comm (Passport, anyone?). Besides, relying on a.m. service providers almost automatically means that expectation is that some form of server-based security would have to be implemented, which I think is a bit flawed. I think it was on gaim-e list that a statement was made that (paraphrase) it does not make sense to use client-based encryption (e.g. GnuPG/PGP), because (a) you can't use it in multi-way chat and (b) some mediums (e.g. IRC) don't support it at all. I think it is not a correct assumption. I may be wrong, but it seems to me that major part of communication is done on a one-to-one basis, hence encryption scheme using GnuPG/PGP would work perfectly. Besides, aside from a case when a single user in a multi-way chat/conference does not have a key (and hence whole conference cannot be conducted securely), there's nothing holding from sending a separate chat message encrypted for a particular party. Lastly, as mentioned elsewhere on this forum, GnuPG/PGP round-tripping would, probably, be the easiest type of secure comm implementation -- and it will be as secure as one can get at this point -- sure if you trust it encrypting your email traffic, it should be sufficient for chat messages?

No comments:

Post a Comment