[Council] proto-JEP: Security JIG

Peter Saint-Andre stpeter at jabber.org
Wed Jul 21 09:57:50 CDT 2004

On Tue, Jul 20, 2004 at 01:21:52PM -0500, Thomas Muldowney wrote:
> I'm wary if this needs a full JIG?  Every time we try this approach it 
> doesn't work well.  Is this going to end up being something that only 3 
> people are doing again?  Is there really enough devotion to it?  I'd 
> like to see some more along those lines before we go forward with 
> another JIG creation.  Just the scope scares me, it's ambitious, but 
> perhaps overreaching without a solid group to work at it, and for quite 
> a while.

A large number of people, some of them quite knowledgeable about
security, have volunteered to help, and I plan to recruit others as
necessary. Currently we are having security discussion on the JADMIN 
list (!) and in one-to-one chats, with no information sharing across 
the various conversations. IMHO we need to have one place where people 
can figure out the threat model and then a security model for XMPP, 
document their findings, and then let others define protocols that
address the identified threats. Something along these lines would be 
a good first step:


The group that puts this together needs to be focused, disciplined,
motivated, and realistic. I think we have all the principles, processes,
and people in place (or suitably outlined) so that we can complete the
tasks defined in the proposal.


Peter Saint-Andre
Jabber Software Foundation

More information about the Council mailing list