[Juser] Manifest without end-to-end encryption?

Waqas Hussain waqas20 at gmail.com
Thu Jan 2 03:52:39 UTC 2014


On Tue, Dec 31, 2013 at 6:39 AM, Randolph <rdohm321 at gmail.com> wrote:
> Why is the manifest
> https://github.com/stpeter/manifesto/blob/master/manifesto.txt
> not adding end-to-end encryption?
>

The manifesto is focused on short-term quickly achievable goals. From
the manifesto itself:

> This commitment to encrypted connections is only the first step
> toward more secure communication using XMPP, and does not obviate
> the need for technologies supporting end-to-end encryption (such as
> Off-the-Record Messaging or OTR), strong authentication, channel
> binding, secure DNS, server identity checking, and secure service
> delegation. Although we have worked to implement and deploy such
> technologies and will continue to do so, we believe that encrypting
> the traffic on the XMPP network is a necessary precondition to
> offering further security improvements.

So, end-to-end encryption is something we certainly want, along with a
bunch of other things, but it just isn't going to get done in the next
3-4 months (e2e can get pretty complex, and spec work is still
ongoing).

--
Waqas Hussain


More information about the JUser mailing list