[Standards-JIG] e2e

Peter Saint-Andre stpeter at jabber.org
Mon Apr 12 22:31:34 UTC 2004


Several weeks ago, Justin Karneges submitted to the JEP Editor a 
proposal for "secure stanzas" with the intent that it be approved
for publication as a JEP:

http://www.jabber.org/jeps/inbox/secure.html

As JEP Editor, and in consultation with the Jabber Council, I have 
decided not to publish this proposal as a JEP. My reasons were stated
on the publicly-archived Council mailing list, but I shall restate 
them here for full disclosure.

Justin's proposal is substantially the same as version -02 of the
xmpp-e2e Internet-Draft:

http://www.jabber.org/ietf/attic/draft-ietf-xmpp-e2e-02.html

Serious and sustained concerns were raised about that Internet-Draft by
many members of the IETF community in the following email thread:

http://www.jabber.org/pipermail/xmppwg/2003-May/001039.html

The full thread is a matter of public record and can be reviewed at the
foregoing URL. In short, the IETF community was concerned that the
proposal could not be interoperable with other IETF technologies (mainly
IM systems based on SIP and using the CPIM syntaxes for messaging and 
presence), which would prevent true end-to-end encryption for instant
messaging and presence over the Internet.

Based on my experience working closely with the IETF over the last 2+
years, I think that for the JSF to publish Justin's proposal as a JEP 
would be seen as bad faith within the IETF: certainly as a breach of 
trust, and perhaps even as a violation of the IETF's intellectual 
property rights policy (note that the Internet-Draft referred to above 
is copyrighted by the IETF).

I fully and painfully realize that 98% of Jabber developers loathe the
xmpp-e2e protocol: it requires them to handle S/MIME (and multipart to
boot!), build CPIM parsers (of which none exist), potentially handle
arbitrary MIME types (since Message/CPIM allows that), etc. The entire
xmpp-e2e protocol is just not in harmony with the Jabber Way and is 
perceived by the developer community as damage, which is why we see 
continuing efforts to route around it, including Justin's proposal 
and JEP-0116. I realize that the likely outcome is this: no one will 
implement the xmpp-e2e Internet-Draft and developers will continue 
using JEP-0027 or move to something like JEP-0116, at least for
session-based communications.

I don't like any of this, and I'm not quite sure what to do about it. 
However, one thing I do know: publishing Justin's proposal as a JEP is 
not part of the solution.

BTW, draft-ietf-xmpp-e2e-07 is currently in IETF Last Call:

http://www1.ietf.org/mail-archive/ietf-announce/Current/msg00022.html

Please note that no one is forcing developers to implement that
protocol, should it be approved by the IESG. However, if you have
comments on draft-ietf-xmpp-e2e-07, now is the time to submit them
within the IETF.

As always, feedback is welcome.

Peter

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.php




More information about the Standards mailing list