As Instant Messaging becomes used more and more
in business environments as well as in our private lives, security
becomes more and more important. Many users don't realise
that anyone with a packet sniffer and a little bit of know-how could
read everything they are writing. In order to raise user awareness
of this issue, I strongly encourage you to make it plainly obvious
to your users wether or not they are sending a secure message.
Each message window should have a well placed,
obvious warning if they are sending an unencrypted message.
Don't forget that any message destined to any non-Jabber network
is effectively insecure, as it will have to travel unencrypted as
soon as it leave the Jabber network.
Think of this like the the Internet Explorer padlock
icon, or Netscape key/broken key on steroids. If your client
doesn't support encryption then have this warning permanently on
by default please.
A much needed standard for Jabber security has
not yet been finalised. In the mean time you should check
out the Security
Jabber Interest Group (JIG) and join the mailing list.