[Standards-JIG] Re: The Great Encryption Debate

Ian Paterson ian.paterson at clientside.co.uk
Tue Aug 9 01:46:08 UTC 2005


> > All protocols, including S/MIME and PGP, have to face the same public
> > key verification challenges. So this list agreed last week that the
> > protocol for publishing keys will be split into a separate generally
> > applicable JEP (as soon as someone has the time to write it).

Hal Rottenberg wrote:
>   This is why both systems have failed to grow to a 
> substantial user population outside of geek circles.  From my 
> viewpoint (HCI), the key exchange part is the more important 
> part for the future of XMPP.

Yes, absolutely. Guaranteeing the entity-to-public-key association is
the difficult bit.

Especially since, to gain Aunt Tillie's acceptance, the default mode
needs to be 100% transparent for her (like https:).

She shouldn't have to verify a fingerprint or be aware that a
certificate is being requested on her behalf.

Of course the system needs to be flexible enough to accommodate the
paranoid too.

- Ian