[Council] proto-JEP: Secure Stanzas

Peter Saint-Andre stpeter at jabber.org
Mon Apr 5 12:52:59 CDT 2004


On Mon, Apr 05, 2004 at 12:36:29PM -0500, Thomas Muldowney wrote:
> If we all acknowledge that the protocol that was forced upon us by the 
> IETF doesn't fit in, why can't we publish something that does fit in 
> more?  

We can do anything we want to, of course. I think the problem is
publishing a protocol that is essentially something the IETF rejected,
which makes it appear that we're thumbing our noses at the IETF
standards process.

> Justin's spec isn't all that bad, and close to what I was 
> working towards with xmlenc.  It solves many issues that 27 won't 
> cover, and is something I would probably implement later.  I do not 
> plan to write a CPIM parser or MIME support for any of my clients.  

Understood.

Maybe we need a bit of a summit on this issue....

P

> That is much too much the realm of email.
> 
> --temas
> 
> 
> On Apr 5, 2004, at 12:02 PM, Peter Saint-Andre wrote:
> 
> >On Tue, Mar 16, 2004 at 04:49:09PM -0600, Peter Saint-Andre wrote:
> >>Justin Karneges has submitted a proto-JEP on end-to-end stanza 
> >>security
> >>(intended to supersede JEP-0027). Please review it here:
> >>
> >>http://www.jabber.org/jeps/inbox/secure.html
> >>
> >>If you have concerns about publishing this as a JEP, please voice them
> >>in the next 7 days (i.e., by March 23).
> >
> >I am surprised that no one voiced concerns about this proposal, so it
> >seems that I must do so.
> >
> >Justin's proposal is substantially the same as draft-ietf-xmpp-e2e-02:
> >
> >http://www.jabber.org/ietf/attic/draft-ietf-xmpp-e2e-02.html
> >
> >Concerns were raised within the XMPP WG regarding that proposal, in 
> >this
> >thread:
> >
> >http://www.jabber.org/pipermail/xmppwg/2003-May/001039.html
> >
> >In short, the IETF community was concerned that the early e2e proposal
> >could not be interoperable with other IETF technologies (main IM 
> >systems
> >based on SIP and using the CPIM syntaxes for messaging and presence),
> >which would prevent true end-to-end encryption in the IM world.
> >
> >For the JSF to publish Justin's proposal as a JEP will be seen as bad
> >faith within the IETF: certainly as a breach of trust, and perhaps even
> >as a violation of the IETF's intellectual property rights policy (note
> >that the I-D referred to above is copyrighted by the IETF).
> >
> >I fully and painfully realize that 98% of Jabber developers loathe the
> >xmpp-e2e protocol: it requires them to handle S/MIME (and multipart to
> >boot!), build CPIM parsers (of which none exist), potentially handle
> >arbitrary MIME types (since Message/CPIM allows that), etc. The entire
> >xmpp-e2e protocol is just not in harmony with the Jabber Way and is
> >perceived by the developer community as damage, which is why we see
> >continuing efforts to route around it, including Justin's proto-JEP
> >and JEP-0116. I realize that the likely outcome is this: no one will
> >implement xmpp-e2e and people will simply continue using JEP-0027.
> >
> >I don't like any of this, and I'm not quite sure what to do about it.
> >However, one thing I do know: publishing Justin's proposal as a JEP is
> >not part of the solution.
> >
> >Peter
> >



More information about the Council mailing list