[Security] Re: e2e feedback
stpeter at jabber.org
Wed Mar 21 11:19:38 CDT 2007
Justin Karneges wrote:
> On Friday 16 March 2007 8:08 pm, Peter Saint-Andre wrote:
>> Mridul wrote:
>>> I always considered 3923 a pretty decent idea since it was practical ...
>> Practical, other than the PKI dependency (or can you use self-signed
>> certificates?) and the CPIM usage (which developers hate, there are no
>> CPIM parsers) and the MIME stuff (very much not jabberish). As someone
>> once said, S/MIME is the only known security technology with more
>> implementations than users. :)
> You could use self-signed certificates if you don't want to drag in the PKI.
> This should be the case with any X.509-based protocol.
> True, CPIM and MIME aren't very Jabber-ish. We could get rid of those if we
> wanted to and just use S/MIME alone (which, I wrote a JEP proposal for, if
> anyone remembers). That said, if there were a simplicity contest, CPIM and
> MIME would win against most of the other e2e suggestions, so I wouldn't be
> afraid of having to implement them. :)
Heh. Well, ease of development would be good.
> Unfortunately, S/MIME doesn't provide forward secrecy. For live chat, we can
> do better.
XMPP Standards Foundation
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20070321/89d785e4/smime.bin
More information about the Security