[Standards-JIG] JEP-0136 Message Archiving
Ian Paterson
ian.paterson at clientside.co.uk
Sun Sep 10 12:45:26 CDT 2006
Matthias Wimmer wrote:
> BTW: What are the considerations for choosing the chosen cryptography
> schemes of JEP-0136?
>
Good question. I think they are particularly secure and very simple to
implement. For example, RSA-KEM is currently the only required
encapsulation scheme since it is NESSIE-recommended and its security is
tightly proven (unlike RSA-OAEP or PKCS #1 v1.5).
Although I'm open to a full discussion about these schemes and any
others, I'm also concerned that a discussion about crypto schemes now
could easily distract from the rest of the JEP, so I hope we don't go
into it too deeply until we've got the rest of the JEP sorted out. That
way implementations can move forward while we argue about the crypto
modules that should be pluged in.
Note: Any changes will only affect the registry entries, not the JEP
itself. Cryptography is an evolving science. So (my working copy of) the
JEP makes use of the Jabber Registrar to allow all the crypto algorithms
to continue to change even after the JEP reaches "Final" status.
> Shouldn't the first sentence of 5.1 read:
>
> While automated archiving is easy for the client and server to
> implement, there are many contexts in which _manual_ archiving is
> required.
>
Thanks, fixed in my working copy.
- Ian
More information about the Standards-JIG
mailing list