Re: best way to secure communication?

["Kelly Clowers" <kelly.clowers@gmail.com>]

On 5/17/06, lee <lee@yun.yagibdah.de> wrote:
> Hi,
>
> what's the best way to secure IM-like communication? One way I could
> think of is using ssh and then talk (or some equivalent), another idea
> was to run an irc server like ircd-hybrid and use ssl.
>
> But I don't exactly want to have other users log in via ssh (letting
> aside that there's no usable windoze client for that, and cygwin is
> too large to be downloaded with a modem connection), and ircd-hybrid
> in testing seems to be compiled without ssl support.
>
> I could compile my own ircd-hybrid, but I'm not sure if ssl support is
> supposed to be used by IRC clients. It seems more targeted to secure
> connections between IRC servers. And then, ssl is only so much secure
> ...
>
> Maybe ssh could be used to tunnel IRC, but that appears to be at least
> troublesome on the client side.
>
> What's the way to go?

You can get some security in jabber with TLS/SSL . Many (most?) Jabber
clients and severs support TLS and/or SSL. If both clients connect to
the same server with TLS or the clients connect to different servers
with TLS and the servers talk to each other with TLS, then things are
somewhat secure.

For real end-to-end security some Jabber clients support GPG. See
these documents for more info:

http://www.gnupg.org/(en)/related_software/frontends.html#chat

http://psi-im.org/wiki/Encryption