[Standards-JIG] JEP-0136: Message Archiving
Michael.Long at cornerstone.net
Wed Jan 18 16:33:27 UTC 2006
Tomasz Sterna said:
> 2006/1/17, Michael Long <Michael.Long at cornerstone.net>:
> As for privacy - I think public key encryption is enough to ensure the
> message privacy.
I don't quite follow the above comment. Which aspect of the standard/
suggestions does that comment apply?
> End-2-End decryption key could be stored in the same message archive
> as a body-less message, for the client to retrieve it later. Pubkey
> encrypted of course.
I am assuming you are referring to server autoarchving. Can you give
an example message of which you speak?
I was thinking that the client could send a message similar to the
<iq type='set' to='montague.net'>
<key with='juliet at capulet.com'>
The value of the <key/> node indicates the key used to encrypt the
conversation with juliet at capulet.com. Of course, the key should
be encrypted, so there would be more attributes in the <key/> node,
such as keyalg, dataalg, and key (confusing attribute name). Also,
I would think that the key should be scoped (to a thread?). As I
have mentioned before, I am not versed in encryption techniques,
so this may not make any sense.
> And I believe it belongs to another JEP. It's an optional
> functionality of server that may, or may not exist alongside with
> JEP-0136. It could be mentioned in JEP-0136 though.
The more I think about it, I agree. Server autoarchiving, whether it
be the start/stop method or some other method should probably be in
a separate JEP, which extends JEP-0136. It is more important to get
JEP-0136 approved and not delay it with this autoarchiving concept.
Michael J. Long
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3576 bytes
Desc: not available
More information about the Standards