[Council] JEP-0027

Thomas Muldowney temas at box5.net
Wed Apr 10 15:06:46 CDT 2002


Just as a note I asked DW to do this.  I felt his previous comments
warranted fixing.

Max, this does limit us to PGP, and that's because that was it's
intention and it's current usage.  I'm currently drafting my thoughts on
XES in a JEP form to further discussion, and I believe all efforts
should be focussed on that rather than rehashing an old and inferior
system =)

I'll repost tonight or early tomorrow and see what everyone thinks.

--temas


On Wed, 2002-04-10 at 14:59, David Waite wrote:
> (replying to myself)
> I am changing my vote to -1, pending the changes I outlined earlier.
> 
> -David Waite
> 
> David Waite wrote:
> 
> > Max Metral wrote:
> >
> >> Right, but doesn't that essentially limit us to PGP?  I understand 
> >> this is
> >> informational, but it would seem to be one of those things that can be
> >> explained several ways, and I'd like to see it explained as if it was 
> >> more
> >> flexible than the way it's being used today.
> >>
> > Actually, the replay issues I mentioned are only really solvable by 
> > having some sort of key negotiation (which can be encrypted via pgp or 
> > done via a dh key exchange); you want both parties to take part in 
> > choosing a unique session key, or each receiving party to choose a key 
> > to be used for data sent to it. Both the feature negotiation  and key 
> > negotiation will require a different protocol.
> >
> > Actually, that brings up another interesting point - (since this is 
> > informational) - is there any accepted client standards for figuring 
> > out if the trust level of the remote entity is adequate for pgp 
> > encryption? I suppose that is more of an identity question ; there 
> > isn't currently a way to guarantee the identify of a user against man 
> > in the middle or machine takeovers on Jabber, and this standard does 
> > not provide any means to verify the identity of the other party 
> > (because of the replay issues.)
> >
> > -David Waite
> >
> >
> >
> > _______________________________________________
> > Council mailing list
> > Council at jabber.org
> > http://mailman.jabber.org/listinfo/council
> 
> 
> 
> 





More information about the Council mailing list