On Thu, 4 Aug 2005, Ian Grigg wrote:
Currently, IM is mostly unsecured (there is this thing
to do with SSL to the server, but as the threat is on
the node, that's ignorable). The way to approach
securing chat (IMHO) is to layer OpenPGP over the
top in a transparent fashion.
OpenPGP has a lot of characteristics that one wouldn't particularly want
in an IM privacy protocol. You might want to take a look at the "Off The
Record Messaging" system designed by Goldberg and Borisov. Their WPES
paper addresses the rationale behind ditching the OpenPGP threat model.
http://www.cypherpunks.ca/otr/#docs
(More generally, I agree with the sentiment that ASCII-armored OpenPGP is
important for use with other protocols besides email, and should be the
canonical format for OpenPGP, email and otherwise.)