by jeztek 4735 days ago
You can vet who joins the channel by denying unauthorized users the room key. Users who don't have the key cannot post messages to the room.

User authentication, so someone is not able to impersonate you, is on the todo list but it is assumed that the server is trusted and won't go swapping public keys on you. A chat system that doesn't trust the server would need an entirely different design. You need to trust the server to perform basic actions like broadcast your message to the other users in the room.

1 comments

If that's the case, why go through all this hassle? Simply use IRC with SSL and you have exactly the same level of security. As long as you trust the server, you are fine.

I think there's still value in hiding the conversation from the server even if you must still trust the server to not behave maliciously. If some three-letter agency contacts the server operator asking for a back channel to listen in, he or she could respond that it's not possible without malicious intent towards a user:

http://www.macobserver.com/tmo/article/apples-imessage-encry...

Point taken, you're correct - 1.1 is bigger than 1.0, and if the choice is open, choosing the 1.1/semi-secure option is definitely better.