[jdev] manifesto 0.4
holler at ahsoftware.de
Thu Nov 7 15:20:02 UTC 2013
Am 07.11.2013 15:54, schrieb Alexander Holler:
> Am 07.11.2013 14:44, schrieb Andreas Kuckartz:
>> Alexander Holler:
>>> I didn't speak about production environments. The manifesto affects all
>>> users and a lot of them don't (have to) care about production
>>> E.g. my server only has to serve my needs and nobody else ones. So I can
>>> make a lot of compromises up to the fact, that I don't care if the NSA
>>> or GHCQ would be dumb enough to snoop on my communications which happens
>>> over my XMPP server (which isn't that much).
>>> But I care if my server wouldn't be able to communicate with other
>>> servers because they require e.g. TLSv1.2.
>> If a non-production server is communicating with a production server the
>> combination is a production system. In such cases the production server
>> must enforce the requirements in the interest of the users of the
>> production server.
> So you want to enforce military grade encryption for all users of XMPP?
> It's like the wish to make all the telephone systems to use high
> Good luck with that. In my humble opinion thats just a way to get rid of
> users and therefor a nice but silly dream.
I think a realistic solution is to show users the state of their
communication and therefor make the aware of the fact if e.g. a message
is believed to have traveled secure or unsecure ways.
That's already mentioned in the manifesto and I like that a lot.
A possible solution could be to add an attribute to messages (or all
stanzas) which details the used communication way and the used
encryptions to transport that message/stanza. I don't know if such was
already written down in an XEP, but I would like that a lot.
More information about the JDev