Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Secure IM Client from NTT Due this Year

Posted by CowboyNeal on from the excuse-to-say-docomo dept.

An anonymous reader writes "NTT in Japan has developed a new TLS-based secure instant messaging system that it says will comply with corporate compliance regulations, such as the post-Enron Sarbanes-Oxley Act. There's a PC version, as well as a Java one for i-Mode cell phones."

3 of 61 comments (clear)

  1. Gaim and OTR by ChazeFroy · · Score: 3, Informative

    OTR doesn't use TLS, but it does a great job encrypting conversations. Much better approach than SecureIM by Trillian or gaim-encryption.

    1. Re:Gaim and OTR by fossa · · Score: 4, Informative

      Um... OTR is not PGP for a reason. I'm no crypto expert, but with PGP, Alice and Bob know each others public keys. They encrypt messages to each other, and anyone with the secret key, hopefully only Alice or Bob, can decrypt or forge a message. If these messages are stored, any breach due to a trojan, subpoena, etc. will be able to recover the messages.

      OTR uses PGP to create a "shared secret" which is used to generate temporary encryption keys for each conversation. During the conversation, the security is the same as in the PGP case. After the conversation, the temporary encryption keys are discarded, so that no one may now decrypt the conversation (at least, they should be discarded). I'm a bit confused on the final step, but I think the shared secret is then published which allows anyone to create new temporary encryption keys which may be used to generate messages that belong to the conversation. This fact may be used to deny the validity of any claimed transcript of the conversation (and this way you don't need to trust that Bob has really discarded the temporary keys).

  2. Re:Jabber? by Randle_Revar · · Score: 4, Informative

    The XMPP RFC describes the useage of SASL and TLS:
    http://www.ietf.org/rfc/rfc3920.txt
    TLS can be used on client-sever connections and on sever-server connections.

    JEP 27 describes the useage of OpenPGP for encryption:
    http://www.jabber.org/jeps/jep-0027.html

    RFC 3923 describes S/MIME useage:
    http://www.ietf.org/rfc/rfc3923.txt

    JEP 116 describes Encrypted Sessions, which seems to be somewhat reminiscent of SSH:
    http://www.jabber.org/jeps/jep-0116.html
    I don't know that anyone implements this yet.

    BTW Can someone tell me whether the connection between the two people chatting with Jabber is P2P or whether it is routed via the server?

    Normal chatting at least is all client-server. File transfer can be p2p (normal case) or client-server, while Jingle Audio is p2p.

    --
    Climate Progress - Hell and High Water