[standards-jig] Re: JEP-0102
jean-louis.seguineau at antepo.com
Fri Jul 4 03:07:43 UTC 2003
I hear (and have heard previously) what your saying, and appreciate your
comments. It's just that your previous post was made at a time where a
rather "hot" exchange was taking place regarding the JSF name. This time it
is in the midst of another equally heated debate on JEPs. I would rather let
passions cool down a little before addressing your concerns.
One generic question though regarding a JEP structure. From your comments
and from Peter's, I am under the impression that the writing is too binding
for an implementer. What would be your recommendation to indicate that some
part of a JEP may be loosely implemented?
----- Original Message -----
> Message: 7
> Date: Wed, 02 Jul 2003 23:25:00 -0400
> From: Matt Tucker <matt at jivesoftware.com>
> Organization: Jive Software
> To: standards-jig at jabber.org
> Subject: Re: [standards-jig] Re: JEP-0102
> Reply-To: standards-jig at jabber.org
> Hello all,
> This JEP was originally seen on the security jig mailing list and I made
> some comments there that may be good to discuss again here.
> As outlined in my email below, I still have two major concerns with this
> 1) I believe that arbitrary packets should be encryptable, which this
> JEP does not allow.
> 2) I think the key exchange in this JEP is too complex. XMLEnc
> provides a simpler mechanism, or perhaps key negotiation should be
> broken off into a seperate JEP so that those that already have a PKI can
> use the encryption but not the key exchange in this JEP.
More information about the Standards