[jdev] Any thoughts on implementing end to end message encryption?
stpeter at stpeter.im
Wed Nov 14 01:37:05 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
On 11/13/12 4:49 PM, mat henshall wrote:
> We have an application that needs to be able to encrypt and sign
> messages and IQ stanza's that contain custom elements 'end to end'
> from one client to another, possibly across multiple federated
> Looking at RFC 3923, ther seems to be very little practical
> application of this specification.
> Is there any reason?
> Should I ignore this? If so what would the community suggest?
We've tried 5+ times to build end-to-end encryption. We've failed each
1. PGP (XEP-0027) - never widely adopted, who has PGP keys?
2. SMIME+CPIM (RFC 3923) - checking off a security box for the IETF
3. xmlenc (never documented) - might be used somewhere, but those
people aren't talking
4. ESessions (XEP-0116) - implemented once, no other adoption
5. XTLS (draft-meyer-xmpp-e2e-encryption) - experimental, didn't move
At this point I think there are other solutions under discussion:
6. OTR - http://www.cypherpunks.ca/otr/
7. XMPP e2e - draft-miller-xmpp-e2e
I sure hope we'll settle on one of those before the heat death of the
universe. Your feedback is welcome. :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the JDev