[Security] Re: e2e feedback
Justin Karneges
justin at affinix.com
Sat Mar 17 01:50:42 CDT 2007
On Friday 16 March 2007 8:08 pm, Peter Saint-Andre wrote:
> Mridul wrote:
> > I always considered 3923 a pretty decent idea since it was practical ...
>
> Practical, other than the PKI dependency (or can you use self-signed
> certificates?) and the CPIM usage (which developers hate, there are no
> CPIM parsers) and the MIME stuff (very much not jabberish). As someone
> once said, S/MIME is the only known security technology with more
> implementations than users. :)
You could use self-signed certificates if you don't want to drag in the PKI.
This should be the case with any X.509-based protocol.
True, CPIM and MIME aren't very Jabber-ish. We could get rid of those if we
wanted to and just use S/MIME alone (which, I wrote a JEP proposal for, if
anyone remembers). That said, if there were a simplicity contest, CPIM and
MIME would win against most of the other e2e suggestions, so I wouldn't be
afraid of having to implement them. :)
Unfortunately, S/MIME doesn't provide forward secrecy. For live chat, we can
do better.
-Justin
More information about the Security
mailing list