Re: [Fed-Talk] security in iChat
Re: [Fed-Talk] security in iChat
- Subject: Re: [Fed-Talk] security in iChat
- From: Joel Esler <email@hidden>
- Date: Fri, 6 Feb 2009 13:02:01 -0500
On Fri, Feb 6, 2009 at 12:48 PM, Walls, Bryan K. (MSFC-IS30)
<email@hidden> wrote:
I'm trying to figure out the security characteristics of iChat. Could someone help me know if I have the following right or wrong?
Text chat using AIM credentials travels over SSL. However, content goes through AOL servers and could be viewed there. Shouldn't be considered in any way secure.
So you don't want to assume Trusted operator with AOL? Check out OTR. Google "iChat OTR Plugin".
Video/Audio chat using AIM credentials actually sets up a point to point connection between users. This is done in the clear?
Well, it's audio and video, so it's not like its text. I don't know if it's done "in the clear" or not, but even if you were able to intercept it, you'd have to reassemble it. Extremely difficult.
Two paid MobileMe accounts can choose to conference securely. Users are issued MobleMe certs and all communication is encrypted end to end: text, audio, and video.
Correct.
If using a secure Jabber server (such as the NASA Jabber server), text chat is secure end to end (would be visible on server, but assuming trusted operator).
Video or audio chats initiated through a secure jabber server are again point to point and in the clear? Is there any way to use local PKI to secure to connection?
Again, Google the above. OTR, ichat plugin.
--
Joel Esler
T: 302-223-5974 (-) Gtalk:
email@hidden[m]
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden