[Council] proto-JEP: Secure Stanzas

Peter Saint-Andre stpeter at jabber.org
Mon Apr 5 12:02:10 CDT 2004


On Tue, Mar 16, 2004 at 04:49:09PM -0600, Peter Saint-Andre wrote:
> Justin Karneges has submitted a proto-JEP on end-to-end stanza security
> (intended to supersede JEP-0027). Please review it here:
> 
> http://www.jabber.org/jeps/inbox/secure.html
> 
> If you have concerns about publishing this as a JEP, please voice them
> in the next 7 days (i.e., by March 23).

I am surprised that no one voiced concerns about this proposal, so it
seems that I must do so.

Justin's proposal is substantially the same as draft-ietf-xmpp-e2e-02:

http://www.jabber.org/ietf/attic/draft-ietf-xmpp-e2e-02.html

Concerns were raised within the XMPP WG regarding that proposal, in this
thread:

http://www.jabber.org/pipermail/xmppwg/2003-May/001039.html

In short, the IETF community was concerned that the early e2e proposal
could not be interoperable with other IETF technologies (main IM systems
based on SIP and using the CPIM syntaxes for messaging and presence),
which would prevent true end-to-end encryption in the IM world.

For the JSF to publish Justin's proposal as a JEP will be seen as bad
faith within the IETF: certainly as a breach of trust, and perhaps even 
as a violation of the IETF's intellectual property rights policy (note 
that the I-D referred to above is copyrighted by the IETF).

I fully and painfully realize that 98% of Jabber developers loathe the
xmpp-e2e protocol: it requires them to handle S/MIME (and multipart to
boot!), build CPIM parsers (of which none exist), potentially handle
arbitrary MIME types (since Message/CPIM allows that), etc. The entire
xmpp-e2e protocol is just not in harmony with the Jabber Way and is 
perceived by the developer community as damage, which is why we see 
continuing efforts to route around it, including Justin's proto-JEP
and JEP-0116. I realize that the likely outcome is this: no one will 
implement xmpp-e2e and people will simply continue using JEP-0027. 

I don't like any of this, and I'm not quite sure what to do about it. 
However, one thing I do know: publishing Justin's proposal as a JEP is 
not part of the solution.

Peter



