[jdev] manifesto 0.4

Matt Miller linuxwolf at outer-planes.net
Thu Nov 7 16:53:38 UTC 2013


On Nov 7, 2013, at 7:20 AM, Alexander Holler <holler at ahsoftware.de> wrote:

> Am 07.11.2013 15:54, schrieb Alexander Holler:
>> Am 07.11.2013 14:44, schrieb Andreas Kuckartz:
>>> Alexander Holler:
>>>> I didn't speak about production environments. The manifesto affects all
>>>> users and a lot of them don't (have to) care about production
>>>> environments.
>>>> 
>>>> E.g. my server only has to serve my needs and nobody else ones. So I can
>>>> make a lot of compromises up to the fact, that I don't care if the NSA
>>>> or GHCQ would be dumb enough to snoop on my communications which happens
>>>> over my XMPP server (which isn't that much).
>>>> 
>>>> But I care if my server wouldn't be able to communicate with other
>>>> servers because they require e.g. TLSv1.2.
>>> 
>>> If a non-production server is communicating with a production server the
>>> combination is a production system. In such cases the production server
>>> must enforce the requirements in the interest of the users of the
>>> production server.
>> 
>> So you want to enforce military grade encryption for all users of XMPP?
>> 
>> It's like the wish to make all the telephone systems to use high
>> encryption.
>> 
>> Good luck with that. In my humble opinion thats just a way to get rid of
>> users and therefor a nice but silly dream.
> 
> I think a realistic solution is to show users the state of their communication and therefor make the aware of the fact if e.g. a message is believed to have traveled secure or unsecure ways.
> 
> That's already mentioned in the manifesto and I like that a lot.
> 
> A possible solution could be to add an attribute to messages (or all stanzas) which details the used communication way and the used encryptions to transport that message/stanza. I don't know if such was already written down in an XEP, but I would like that a lot.
> 

That has came up in some side discussions at the IETF meeting in Vancouver.  XEP-0334, while specifically for <message/> stanzas today, might be able to provide such a flag (e.g., <require-tls/> or some such).


- m&m

Matthew A. Miller
< http://goo.gl/LK55L >

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20131107/d038c215/attachment.pgp>


More information about the JDev mailing list