I’‘m almost finished building a Jabber Windows client at work, using Jive as our server (Jive just rocks, I mean seriously), and I’‘ve got 128bit TripleDES encryption to encrypt all messages (message body that is) before they are sent out, then decrypted when they arrive at their destination. It uses password derived 128bit keys for encryption/decryption. I know, why not use SSL? I don’‘t know, I thought it’‘d be cool to have my own built-in encryption. I plan on releasing this client for free once I’‘m done (licensed under the GPL). What do you guys think of 128bit TripleDES over SSL? If a server is spoofed, they won’'t be able to decrypt the messages without the password derived key anway . . .
P.S. It has a setup wizard that says “Please enter the URL of your Jive server or other XMPP compliant server (such as Jabber)” - free plug =^)