[Standards-JIG] RE: Encrypted sessions
Justin Karneges
justin-keyword-jabber.093179 at affinix.com
Fri Jun 9 04:14:13 CDT 2006
On Thursday 08 June 2006 20:16, Hal Rottenberg wrote:
> On 6/8/06, Kevin Smith <kevin at kismith.co.uk> wrote:
> > On 8 Jun 2006, at 22:51, Jean-Louis Seguineau wrote:
> > > If we want to handle the case of secure offline storage, I'd rather
> > > have it
> > > handled in a separate JEP.
> >
> > I agree, they're very different issues to cover and, unless someone
> > much smarter than me comes up with something impressive, trying to
> > satisfy both to their fullest is going to result in neither being
> > optimal.
>
> Slightly OT:
>
> Technically something impressive has already been created, and it lies
> dormant within Psi already, right? QCA2 supports PKI in various ways,
> for example storing keys on a smart card. I tested it with Justin a
> while back.
I think he means an impressive protocol. But yeah, QCA is great, and Psi will
have no trouble supporting whatever the JSF comes up with. :)
However, I worry about the effort needed to implement JEP-0116 on a wide
scale. It is around the same complexity as TLS, which 100% of us use
libraries for, I'm sure.
I think we would do well to supercede JEP-27 with a protocol nearly as simple,
just to tie up the loose ends (namely iq stanzas, signing, and X.509, maybe
reconciliation with RFC 3923). JEP-116 would also exist, but as an advanced
alternative.
-Justin
More information about the Standards-JIG
mailing list