[Council] proto-JEP: Secure Stanzas

Thomas Muldowney temas at box5.net
Mon Apr 5 12:36:29 CDT 2004


If we all acknowledge that the protocol that was forced upon us by the 
IETF doesn't fit in, why can't we publish something that does fit in 
more?  Justin's spec isn't all that bad, and close to what I was 
working towards with xmlenc.  It solves many issues that 27 won't 
cover, and is something I would probably implement later.  I do not 
plan to write a CPIM parser or MIME support for any of my clients.  
That is much too much the realm of email.

--temas


On Apr 5, 2004, at 12:02 PM, Peter Saint-Andre wrote:

> On Tue, Mar 16, 2004 at 04:49:09PM -0600, Peter Saint-Andre wrote:
>> Justin Karneges has submitted a proto-JEP on end-to-end stanza 
>> security
>> (intended to supersede JEP-0027). Please review it here:
>>
>> http://www.jabber.org/jeps/inbox/secure.html
>>
>> If you have concerns about publishing this as a JEP, please voice them
>> in the next 7 days (i.e., by March 23).
>
> I am surprised that no one voiced concerns about this proposal, so it
> seems that I must do so.
>
> Justin's proposal is substantially the same as draft-ietf-xmpp-e2e-02:
>
> http://www.jabber.org/ietf/attic/draft-ietf-xmpp-e2e-02.html
>
> Concerns were raised within the XMPP WG regarding that proposal, in 
> this
> thread:
>
> http://www.jabber.org/pipermail/xmppwg/2003-May/001039.html
>
> In short, the IETF community was concerned that the early e2e proposal
> could not be interoperable with other IETF technologies (main IM 
> systems
> based on SIP and using the CPIM syntaxes for messaging and presence),
> which would prevent true end-to-end encryption in the IM world.
>
> For the JSF to publish Justin's proposal as a JEP will be seen as bad
> faith within the IETF: certainly as a breach of trust, and perhaps even
> as a violation of the IETF's intellectual property rights policy (note
> that the I-D referred to above is copyrighted by the IETF).
>
> I fully and painfully realize that 98% of Jabber developers loathe the
> xmpp-e2e protocol: it requires them to handle S/MIME (and multipart to
> boot!), build CPIM parsers (of which none exist), potentially handle
> arbitrary MIME types (since Message/CPIM allows that), etc. The entire
> xmpp-e2e protocol is just not in harmony with the Jabber Way and is
> perceived by the developer community as damage, which is why we see
> continuing efforts to route around it, including Justin's proto-JEP
> and JEP-0116. I realize that the likely outcome is this: no one will
> implement xmpp-e2e and people will simply continue using JEP-0027.
>
> I don't like any of this, and I'm not quite sure what to do about it.
> However, one thing I do know: publishing Justin's proposal as a JEP is
> not part of the solution.
>
> Peter
>
> _______________________________________________
> Council mailing list
> Council at jabber.org
> https://jabberstudio.org/mailman/listinfo/council




More information about the Council mailing list