[jdev] manifesto 0.4

Dave Cridland dave at cridland.net
Fri Nov 8 07:34:11 UTC 2013

On Fri, Nov 8, 2013 at 1:20 AM, Alexander Holler <holler at ahsoftware.de> wrote:

> On 08.11.2013 01:55, Peter Saint-Andre wrote:
> > The Jabber/XMPP community has always had a culture of being friendly
> > and respectful of others (yes, we've also had some flame wars during
> > that time!). I request that we keep it that way.
>
> Sorry, but that doesn't seem to be the case anymore. Someone told me
> that the TLS I'm using in "production" is unsafe, someone seemed to have
> the need to tell me what PFS is, another one suggests that I don't care
> for security, encryption or privacy in general and I had to read some
> curious theories about viral effects of "production" systems. All that
> because I said that I don't like that TLS/PFS should be enforced.
> (Again, encouraging it is good, enforcing it is imho not).
> With all those wrong imputations (which imho do imply that I'm a fool
> not knowing about what I'm speaking), a serious discussion is hardly
> possible.

It's great that you feel that you can claim everyone is implying you're a
fool when you also use phrases such as "curious theories" and so on.

But let me make three points:

a) I don't think you're a fool. I do deliberately ensure that I include
explanations of things like PFS and so on where they're germane to the
discussion, because this isn't a private conversation between just two
parties; it's not only public, but publicly archived. If you don't need the
explanations, then great - but I'm aware that there's a number of people
who neither understand what Perfect Forward Secrecy is, nor why it's
important in the light of the recent leaks from Snowden.

b) All this discussion relates to a manifesto which is, itself, entirely
optional. As you're certainly aware - but again, I note for those who may
have missed this - if a significant number of key servers require a certain
technology to communicate, this will impose de-facto requirements on you
whether or not you subscribe to the manifesto yourself. However, as I have
previously noted, the same holds true in reverse, and if the aims are too
ambitious in the manifesto, this will self-correct.

c) I really do think, though, that you have a markedly different definition
of "production" to the rest of us. It's an economics term, meaning "the act
of creating output, a goods or service which has value and contributes to
the utility of individuals". My single-user server running on an old Dell
box sitting on the shelf is a production server, laughable as it sounds. My
phone is a production client. There's no implication of a commercial or
industrial service here. If you're using XMPP software to have
conversations, rather than exclusively to test or develop with, then it's
being used in production. This difference in meaning is probably where that
confusion is arising.

