[Juser] Manifest without end-to-end encryption?
waqas20 at gmail.com
Thu Jan 2 03:52:39 UTC 2014
On Tue, Dec 31, 2013 at 6:39 AM, Randolph <rdohm321 at gmail.com> wrote:
> Why is the manifest
> not adding end-to-end encryption?
The manifesto is focused on short-term quickly achievable goals. From
the manifesto itself:
> This commitment to encrypted connections is only the first step
> toward more secure communication using XMPP, and does not obviate
> the need for technologies supporting end-to-end encryption (such as
> Off-the-Record Messaging or OTR), strong authentication, channel
> binding, secure DNS, server identity checking, and secure service
> delegation. Although we have worked to implement and deploy such
> technologies and will continue to do so, we believe that encrypting
> the traffic on the XMPP network is a necessary precondition to
> offering further security improvements.
So, end-to-end encryption is something we certainly want, along with a
bunch of other things, but it just isn't going to get done in the next
3-4 months (e2e can get pretty complex, and spec work is still
More information about the JUser