[Council] Fwd: Re: [Standards] Fwd: Re: [cryptography] Is it just me or is this fundamentally broken?

Peter Saint-Andre stpeter at stpeter.im
Thu Mar 7 02:41:02 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Forewarned is forearmed. ;-)


- -------- Original Message --------
Subject: Re: [Standards] Fwd: Re: [cryptography] Is it just me or is
this fundamentally broken?
Date: Wed, 06 Mar 2013 19:40:38 -0700
From: Peter Saint-Andre <stpeter at stpeter.im>
Reply-To: XMPP Standards <standards at xmpp.org>
To: XMPP Standards <standards at xmpp.org>

Seeing no deep objections, I'll bring this up at the next XMPP Council
meeting on March 20.

On 3/6/13 2:15 AM, Winfried Tilanus wrote:
> On 03/05/2013 06:07 PM, Mike Taylor wrote:
> 
> +1
> 
>> On 03/05/2013 12:04 PM, Peter Saint-Andre wrote:
>>> I would like to suggest that we change XEP-0027 from Active to 
>>> Deprecated (and then Obsolete). The technology is no longer in 
>>> wide use, and it has so many problems that I don't think we 
>>> want to actively suggest that people implement it.
> 
> 
>> +1 for being proactive at clearing out older (and unwise) info
> 
> 
>>> Peter
> 
> 
>>> -------- Original Message -------- Subject: Re: [cryptography] 
>>> Is it just me or is this fundamentally broken? Date: Mon, 04 
>>> Mar 2013 18:24:46 -0700 From: Peter Saint-Andre 
>>> <stpeter at stpeter.im> To: Peter Gutmann 
>>> <pgut001 at cs.auckland.ac.nz> CC: cryptography at randombit.net
> 
>>> On 3/4/13 4:42 PM, Peter Gutmann wrote:
>>>> Quoting http://xmpp.org/extensions/xep-0027.html#signing:
> 
>>>> Signing enables a sender to verify that they sent a certain 
>>>> block of text. [...] The text that is signed MAY be the empty
>>>> string.
> 
>>>> (There's no metadata or anything there, just a raw 
>>>> signature).
> 
>>> No one uses XEP-0027 these days, they all use OTR. The PGP 
>>> integration with XMPP clients was an early experiment in the 
>>> Jabber community before we even called it XMPP. Think 13+ years
>>> ago. But clients never signed empty strings, although we never
>>> fixed the spec because no one was using the technology. I'll
>>> push to make the spec Obsolete.
> 
>>> Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRN/4+AAoJEOoGpJErxa2pATcP/3xZIHo4hBMPcMnbQQd0llIp
0aKB1S/EIiNLsqTUUZhDYJJowiJ5fzPJRkE6SYvnpWP1go2k0koa4SQQuGjv9GXL
TskOvR7AGA+1STnWa/L9hGqYW+x8eWrCWO93/0zjajSlYP4wbhh4cg1bSfd140IO
xUA/fknaqnWPiLD3dnfur1QTe+DWWZaBnnSqVJ5mqwiydsta9BE4EuVI3sk22Rmd
M/+VkasjG2wo9YTw2pLI/34Wy2wBEE6aHO97Dj6vC2jgjodqQ9Dz/Z35DcIIP/IQ
IVKAaYu5aUOnmYCEOrqHBAX3GaK0YrMHbElV2306A0y0Q915fm9lZW7dcTNFu34T
WmCRAowmYY3yA85sI5I+0D7jjDMTVoZpSI/OjqGBT7+xtHwWE6r33ToQe8K58ieX
JwJCIjMeFaYFzb/b6KC+J76VJAFCW2HCAL/X+cmkv27/bSeL9fMFyVEYAGf4BTJm
SiDGz5doMUL+aM7Bc1WuDJWyStpvgKAeP65DT0OWFOuFszBd5AcQWCbFUUGRGM+5
M6qVadSqeeBvriCeGAam9KtZhAGUNxv9g6fcBM6C4SaNmDIJMd/lNd6Fsap7VRw9
JlmV3orcQIA3rTj57rl3XWkkDJRlzll2pbye1N55wPVUHWaRXJZYHyBKz/pORYsC
voxsmZXgUseYVkS4GLxP
=1e1P
-----END PGP SIGNATURE-----


More information about the Council mailing list