[Council] E2E discussion

Dave Smith dizzyd at jabber.org
Wed Nov 5 13:03:17 CST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

This is a flame.

I'm tired of waiting for the perfect e2e encryption mechanism -- it 
simply doesn't exist. There seems to be some set of people within the 
Foundation who believe that we must have the perfect solution; anything 
else is simply unacceptable.  However, we have known that e2e is an 
important piece of the overall security puzzle for 4 (FOUR!) years now, 
and we STILL haven't solved it. For this reason, I wrote JEP-116 in 
hopes of providing a reasonable compromise to this problem, one that 
people can grok enough to implement, but one that was built on a  
proven protocol (SSH, in this case) which people trust for security.

Instead of getting constructive feedback, I've only had back-channel 
rumblings/complaints about the JEP and how it didn't attempt to clarify 
previous e2e JEPs (that NO ONE understood). I'm sick of this, and it is 
behaviour unbefitting the Council.

The Council is responsible for the growth and progress of the protocol. 
It is your duty to act as leaders and address issues with all due 
haste. Do your job! This e2e discussion has dragged on and has not 
gotten ANYWHERE.

I have paused my efforts to push JEP-116 as a de-facto standard by 
implementing and encouraging others to implement it, based on feedback 
from some Council members that my JEP was not "secure" enough. However, 
if the Council does not act decisively on this issue in the next week, 
I will resume my efforts to evangelize what I believe to be the best 
solution yet presented.

D.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/qUl1YNE3chVHHsMRAsQoAJ9yqHLtSYe18L88A7OX4XqNwHpHZwCeL+3t
VbakBCLsQ7s9DNcpdp4XYoE=
=PR5F
-----END PGP SIGNATURE-----




More information about the Council mailing list