stpeter at jabber.org
Mon Apr 12 22:31:34 UTC 2004
Several weeks ago, Justin Karneges submitted to the JEP Editor a
proposal for "secure stanzas" with the intent that it be approved
for publication as a JEP:
As JEP Editor, and in consultation with the Jabber Council, I have
decided not to publish this proposal as a JEP. My reasons were stated
on the publicly-archived Council mailing list, but I shall restate
them here for full disclosure.
Justin's proposal is substantially the same as version -02 of the
Serious and sustained concerns were raised about that Internet-Draft by
many members of the IETF community in the following email thread:
The full thread is a matter of public record and can be reviewed at the
foregoing URL. In short, the IETF community was concerned that the
proposal could not be interoperable with other IETF technologies (mainly
IM systems based on SIP and using the CPIM syntaxes for messaging and
presence), which would prevent true end-to-end encryption for instant
messaging and presence over the Internet.
Based on my experience working closely with the IETF over the last 2+
years, I think that for the JSF to publish Justin's proposal as a JEP
would be seen as bad faith within the IETF: certainly as a breach of
trust, and perhaps even as a violation of the IETF's intellectual
property rights policy (note that the Internet-Draft referred to above
is copyrighted by the IETF).
I fully and painfully realize that 98% of Jabber developers loathe the
xmpp-e2e protocol: it requires them to handle S/MIME (and multipart to
boot!), build CPIM parsers (of which none exist), potentially handle
arbitrary MIME types (since Message/CPIM allows that), etc. The entire
xmpp-e2e protocol is just not in harmony with the Jabber Way and is
perceived by the developer community as damage, which is why we see
continuing efforts to route around it, including Justin's proposal
and JEP-0116. I realize that the likely outcome is this: no one will
implement the xmpp-e2e Internet-Draft and developers will continue
using JEP-0027 or move to something like JEP-0116, at least for
I don't like any of this, and I'm not quite sure what to do about it.
However, one thing I do know: publishing Justin's proposal as a JEP is
not part of the solution.
BTW, draft-ietf-xmpp-e2e-07 is currently in IETF Last Call:
Please note that no one is forcing developers to implement that
protocol, should it be approved by the IESG. However, if you have
comments on draft-ietf-xmpp-e2e-07, now is the time to submit them
within the IETF.
As always, feedback is welcome.
Jabber Software Foundation
More information about the Standards