[Standards-JIG] The Great Encryption Debate

Ian Paterson ian.paterson at clientside.co.uk
Thu Aug 18 14:35:14 UTC 2005


> I agree that DH is the answer for session encryption, and I'm 
> not saying we shouldn't use it... I want to use DH too.
[snip]
> object-based security is simply easier, and there might be 
> some people out there that would only want to implement that 
> instead of doing the full-on Esessions.  However, since I'm
> not one of them, perhaps this portion of the thread should
> be ended. :)

:) Yes. Perhaps that 'half-way' group is not as big as we (me included)
have been assuming. Perhaps people who are interested enough to
implement e2e themselves will typically have the patience to do the
extra work involved with a D-H based protocol (while everyone else just
reuses their code)?

> The more I think about it, the more I like the idea of 
> confining object-based security to sign-only.

Yes. Object-based signing is especially appropriate for one-to-many
instances like pubsub and groupchat. We probably need a JEP for this.

- Ian



