[standards-jig] Re: JEP-0102

Iain Shigeoka iain at jivesoftware.com
Fri Jul 4 17:36:11 UTC 2003

On Thursday, Jul 3, 2003, at 20:07 US/Pacific, Jean-Louis 
Seguineau/EXC/ENG wrote:

> One generic question though regarding a JEP structure. From your 
> comments
> and from Peter's, I am under the impression that the writing is too 
> binding
> for an implementer. What would be your recommendation to indicate that 
> some
> part of a JEP may be loosely implemented?

I think Matt's second item would be useful. Separate key exchange from 
the protocol so that other key exchange mechanisms can be used. I 
believe this is how the PKCS standards are broken up. So the encryption 
JEP assumes you have keys, and explains what to do with them 
(encryption and decryption). A separate JEP or set of JEPs can then 
describe key exchange (they're kind of orthogonal concerns).


> --jean-louis
> ----- Original Message -----
>> Message: 7
>> Date: Wed, 02 Jul 2003 23:25:00 -0400
>> From: Matt Tucker <matt at jivesoftware.com>
>> Organization: Jive Software
>> To: standards-jig at jabber.org
>> Subject: Re: [standards-jig] Re: JEP-0102
>> Reply-To: standards-jig at jabber.org
>> Hello all,
>> This JEP was originally seen on the security jig mailing list and I 
>> made
>> some comments there that may be good to discuss again here.
>> As outlined in my email below, I still have two major concerns with 
>> this
>> JEP:
>>   1) I believe that arbitrary packets should be encryptable, which 
>> this
>> JEP does not allow.
>>   2) I think the key exchange in this JEP is too complex. XMLEnc
>> provides a simpler mechanism, or perhaps key negotiation should be
>> broken off into a seperate JEP so that those that already have a PKI 
>> can
>> use the encryption but not the key exchange in this JEP.
>> Regards,
>> Matt
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mailman.jabber.org/listinfo/standards-jig

More information about the Standards mailing list