[Council] JEP-0027

Max Metral Max.Metral at peoplepcHQ.com
Wed Apr 10 15:16:39 CDT 2002

ok.  I guess I go to 0.  Would be nice to see a mention of XES in this JEP
so that people know not to keep using this if possible.

-----Original Message-----
From: Thomas Muldowney [mailto:temas at box5.net]
Sent: Wednesday, April 10, 2002 4:07 PM
To: council at jabber.org
Subject: Re: [Council] JEP-0027

Just as a note I asked DW to do this.  I felt his previous comments
warranted fixing.

Max, this does limit us to PGP, and that's because that was it's
intention and it's current usage.  I'm currently drafting my thoughts on
XES in a JEP form to further discussion, and I believe all efforts
should be focussed on that rather than rehashing an old and inferior
system =)

I'll repost tonight or early tomorrow and see what everyone thinks.


On Wed, 2002-04-10 at 14:59, David Waite wrote:
> (replying to myself)
> I am changing my vote to -1, pending the changes I outlined earlier.
> -David Waite
> David Waite wrote:
> > Max Metral wrote:
> >
> >> Right, but doesn't that essentially limit us to PGP?  I understand 
> >> this is
> >> informational, but it would seem to be one of those things that can be
> >> explained several ways, and I'd like to see it explained as if it was 
> >> more
> >> flexible than the way it's being used today.
> >>
> > Actually, the replay issues I mentioned are only really solvable by 
> > having some sort of key negotiation (which can be encrypted via pgp or 
> > done via a dh key exchange); you want both parties to take part in 
> > choosing a unique session key, or each receiving party to choose a key 
> > to be used for data sent to it. Both the feature negotiation  and key 
> > negotiation will require a different protocol.
> >
> > Actually, that brings up another interesting point - (since this is 
> > informational) - is there any accepted client standards for figuring 
> > out if the trust level of the remote entity is adequate for pgp 
> > encryption? I suppose that is more of an identity question ; there 
> > isn't currently a way to guarantee the identify of a user against man 
> > in the middle or machine takeovers on Jabber, and this standard does 
> > not provide any means to verify the identity of the other party 
> > (because of the replay issues.)
> >
> > -David Waite
> >
> >
> >
> > _______________________________________________
> > Council mailing list
> > Council at jabber.org
> > http://mailman.jabber.org/listinfo/council

Council mailing list
Council at jabber.org

More information about the Council mailing list