[Standards-JIG] Re: The Great Encryption Debate
Ian Paterson
ian.paterson at clientside.co.uk
Mon Aug 8 20:46:08 CDT 2005
> > All protocols, including S/MIME and PGP, have to face the same public
> > key verification challenges. So this list agreed last week that the
> > protocol for publishing keys will be split into a separate generally
> > applicable JEP (as soon as someone has the time to write it).
Hal Rottenberg wrote:
> This is why both systems have failed to grow to a
> substantial user population outside of geek circles. From my
> viewpoint (HCI), the key exchange part is the more important
> part for the future of XMPP.
Yes, absolutely. Guaranteeing the entity-to-public-key association is
the difficult bit.
Especially since, to gain Aunt Tillie's acceptance, the default mode
needs to be 100% transparent for her (like https:).
She shouldn't have to verify a fingerprint or be aware that a
certificate is being requested on her behalf.
Of course the system needs to be flexible enough to accommodate the
paranoid too.
- Ian