[Security] Re: e2e feedback

Peter Saint-Andre stpeter at jabber.org
Wed Mar 21 11:19:38 CDT 2007


Justin Karneges wrote:
> On Friday 16 March 2007 8:08 pm, Peter Saint-Andre wrote:
>> Mridul wrote:
>>> I always considered 3923 a pretty decent idea since it was practical ...
>> Practical, other than the PKI dependency (or can you use self-signed
>> certificates?) and the CPIM usage (which developers hate, there are no
>> CPIM parsers) and the MIME stuff (very much not jabberish). As someone
>> once said, S/MIME is the only known security technology with more
>> implementations than users. :)
> 
> You could use self-signed certificates if you don't want to drag in the PKI.  
> This should be the case with any X.509-based protocol.
> 
> True, CPIM and MIME aren't very Jabber-ish.  We could get rid of those if we 
> wanted to and just use S/MIME alone (which, I wrote a JEP proposal for, if 
> anyone remembers).  That said, if there were a simplicity contest, CPIM and 
> MIME would win against most of the other e2e suggestions, so I wouldn't be 
> afraid of having to implement them. :)

Heh. Well, ease of development would be good.

> Unfortunately, S/MIME doesn't provide forward secrecy.  For live chat, we can 
> do better.

Agreed.

Peter

-- 
Peter Saint-Andre
XMPP Standards Foundation
http://www.xmpp.org/xsf/people/stpeter.shtml

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20070321/89d785e4/smime.bin


More information about the Security mailing list