[JDEV] The Future of Jabber?
scott at tranzoa.com
Sat Aug 7 17:36:54 CDT 1999
I make this e-mail in the hopes that the two main Jabber protocol
controllers listen and maybe add these modifications to the next revision.
The Jabber protocol is great. It's simple and it seems to work. However, to
compete with what I know is coming (I've taken a few interesting tours and
talking to a few interesting industry folks and this gives me an interesting
problem of now getting near breaking NDAs...) I'm going to throw out a
collection of suggestions that I've been placing into a text file.
I feel "nicks" or as I refer to them "guises" need to be worked on a bit. It
falls under the Yahoo-ism where a single account can have multiple names
that are completely opaque to the sending user. dsn.geo sends a message
requesting "Hacker Skillz" to Q4uad, and is then instantly banned. However,
dsn.geo also happens to be a friend of GRCC_Hacker and they talk about
breaking the CIA every day. Little does dsn.geo realize, but GRCC_Hacker and
Q4uad are the same person. However, while Q4uad loves talking about hacking
with his friends, he wants his Q4uad guise clean of any stigma (or spam)
that might be related to his friend dsn.geo getting around. There should be
no way, short of social engineering, to find out about the connection
between Q4uad and GRCC_Hacker.
Security has been discussed, but I'd like to make a few suggestions as to
how it is implemented. First, cleartext logins and communications is evil.
It would overjoy me if we could implement a public key swap for
authorization and encryption of the XML stream. Second, and sprouting from
the first, I see no reason not to use public keys as our UIDs... or more
specifically, our "keyID at server" as the UIDs. For transport of the keys, we
can either create our own Jabber structure for propagation or link into
wwwkeys.pgp.net and the keyserver network. Third, since servers would need
keys for the swap, giving them another (more useful) purpose in life would
be great. I'm a user of the Gale messaging system (www.gale.org) and the
servers there use a heirarchical key system for server authentication. the
".com" key signs a ".tranzoa.com" key which causes it to be valid. The
client has a ".com" key and when it logs into tranzoa.com, it can tell the
server's ".tranzoa.com" key is valid. I'm not suggesting a reimplementation
of the Gale messaging system, but I am pushing for something very close to
POP3/SMTP JabberBox's have been noted. However, we need to go a step
further. Millions of potential users are using Hotmail for their primary
e-mail address. If we wrote a JabberTransport to Hotmail, we would sweeten
the pot, so to speak, for every one of those users to be a Jabber user.
Yahoo! Mail, Lycos, Altavista, email.com and many many others could all be
supported with intelligent and well-updated scripts. It would be a grind, no
doubt, but well worth the effort.
The new IETF standard has support for publishing your online "presense." It
seems to me that as the Jabber standard is now, it is very server-to-server
and not peer-to-peer oriented. At the level it is currently, I have no
problem. However, I would love to see written into the protocol a standard
for announcing your current network address. Notice I say "network address?"
It is my hope that we can create such a usable standard that when we move on
from IP addresses to the "next big thing" that Jabber will be able to move
on as well. NOTE: Retrieving YOUR IP address (ala DHCP) and adding in server
scanning/denying scanning through custom identd servers should be whoever
the designer will be's mind.
I'm dedicated towards Jabber succedding, but it won't be an easy task. IETF,
Microsoft, AOL/Netscape and many others standard both in front of us waiting
for our challenge, and behind us trying to start their engines. If we
succeed, this could all do great things for our resumes. :)
More information about the JDev