On 15/07/2024 21.51, Tim Henkes wrote:
> 2. Are encrypted direct client-to-client channels a thing?
>
> There is JET [2], but it seems to focus on key negotiation (which I
> would do differently) […]
>
> There's also a XEP called jingle-xtls [3] in the Inbox, but it's even
> more abandoned than XEP-0247 and also seems to focus mostly on the key
> negotiation, which again I would do differently.

Could you elaborate on how you would do the key negotiation? While it's
always interesting to hear how others would make things different,
or maybe their design is based on different assumptions/starting points,
I think it's also relevant to this discussion.

In any case, I think most specifications are simply abandoned due to the
lack of implementation(s). Many probably never ever had a prototype
implementation, let alone two interoperable implementations.

Isn't "all we need"™ an encryption/authentication layer over
(bidirectional) streams potentially negotiated by Jingle? And for the
latter, there is the <security/> element which JET (xep391) /
jingle-xtls also uses.
- Florian