[standards-jig] Re: JEP-0102
iain at jivesoftware.com
Fri Jul 4 17:36:11 UTC 2003
On Thursday, Jul 3, 2003, at 20:07 US/Pacific, Jean-Louis
> One generic question though regarding a JEP structure. From your
> and from Peter's, I am under the impression that the writing is too
> for an implementer. What would be your recommendation to indicate that
> part of a JEP may be loosely implemented?
I think Matt's second item would be useful. Separate key exchange from
the protocol so that other key exchange mechanisms can be used. I
believe this is how the PKCS standards are broken up. So the encryption
JEP assumes you have keys, and explains what to do with them
(encryption and decryption). A separate JEP or set of JEPs can then
describe key exchange (they're kind of orthogonal concerns).
> ----- Original Message -----
>> Message: 7
>> Date: Wed, 02 Jul 2003 23:25:00 -0400
>> From: Matt Tucker <matt at jivesoftware.com>
>> Organization: Jive Software
>> To: standards-jig at jabber.org
>> Subject: Re: [standards-jig] Re: JEP-0102
>> Reply-To: standards-jig at jabber.org
>> Hello all,
>> This JEP was originally seen on the security jig mailing list and I
>> some comments there that may be good to discuss again here.
>> As outlined in my email below, I still have two major concerns with
>> 1) I believe that arbitrary packets should be encryptable, which
>> JEP does not allow.
>> 2) I think the key exchange in this JEP is too complex. XMLEnc
>> provides a simpler mechanism, or perhaps key negotiation should be
>> broken off into a seperate JEP so that those that already have a PKI
>> use the encryption but not the key exchange in this JEP.
> Standards-JIG mailing list
> Standards-JIG at jabber.org
More information about the Standards