[Council] JEP-0027

Peter Saint-Andre stpeter at jabber.org
Wed Apr 10 16:52:37 CDT 2002


I agree, it would be good to mention that XES is being worked on and
that PGP/GPG is of historical interest only (not a permenent solution).

Peter

--
Peter Saint-Andre
email+jabber: stpeter at jabber.org
weblog: http://www.saint-andre.com/blog/

On Wed, 10 Apr 2002, Max Metral wrote:

> ok.  I guess I go to 0.  Would be nice to see a mention of XES in this JEP
> so that people know not to keep using this if possible.
> 
> -----Original Message-----
> From: Thomas Muldowney [mailto:temas at box5.net]
> Sent: Wednesday, April 10, 2002 4:07 PM
> To: council at jabber.org
> Subject: Re: [Council] JEP-0027
> 
> 
> Just as a note I asked DW to do this.  I felt his previous comments
> warranted fixing.
> 
> Max, this does limit us to PGP, and that's because that was it's
> intention and it's current usage.  I'm currently drafting my thoughts on
> XES in a JEP form to further discussion, and I believe all efforts
> should be focussed on that rather than rehashing an old and inferior
> system =)
> 
> I'll repost tonight or early tomorrow and see what everyone thinks.
> 
> --temas
> 
> 
> On Wed, 2002-04-10 at 14:59, David Waite wrote:
> > (replying to myself)
> > I am changing my vote to -1, pending the changes I outlined earlier.
> > 
> > -David Waite
> > 
> > David Waite wrote:
> > 
> > > Max Metral wrote:
> > >
> > >> Right, but doesn't that essentially limit us to PGP?  I understand 
> > >> this is
> > >> informational, but it would seem to be one of those things that can be
> > >> explained several ways, and I'd like to see it explained as if it was 
> > >> more
> > >> flexible than the way it's being used today.
> > >>
> > > Actually, the replay issues I mentioned are only really solvable by 
> > > having some sort of key negotiation (which can be encrypted via pgp or 
> > > done via a dh key exchange); you want both parties to take part in 
> > > choosing a unique session key, or each receiving party to choose a key 
> > > to be used for data sent to it. Both the feature negotiation  and key 
> > > negotiation will require a different protocol.
> > >
> > > Actually, that brings up another interesting point - (since this is 
> > > informational) - is there any accepted client standards for figuring 
> > > out if the trust level of the remote entity is adequate for pgp 
> > > encryption? I suppose that is more of an identity question ; there 
> > > isn't currently a way to guarantee the identify of a user against man 
> > > in the middle or machine takeovers on Jabber, and this standard does 
> > > not provide any means to verify the identity of the other party 
> > > (because of the replay issues.)
> > >
> > > -David Waite
> > >
> > >
> > >
> > > _______________________________________________
> > > Council mailing list
> > > Council at jabber.org
> > > http://mailman.jabber.org/listinfo/council
> > 
> > 
> > 
> > 
> 
> 
> _______________________________________________
> Council mailing list
> Council at jabber.org
> http://mailman.jabber.org/listinfo/council
> _______________________________________________
> Council mailing list
> Council at jabber.org
> http://mailman.jabber.org/listinfo/council
> 




More information about the Council mailing list