[Standards-JIG] RE: Encrypted sessions

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Fri Jun 9 09:14:13 UTC 2006


On Thursday 08 June 2006 20:16, Hal Rottenberg wrote:
> On 6/8/06, Kevin Smith <kevin at kismith.co.uk> wrote:
> > On 8 Jun 2006, at 22:51, Jean-Louis Seguineau wrote:
> > > If we want to handle the case of secure offline storage, I'd rather
> > > have it
> > > handled in a separate JEP.
> >
> > I agree, they're very different issues to cover and, unless someone
> > much smarter than me comes up with something impressive, trying to
> > satisfy both to their fullest is going to result in neither being
> > optimal.
>
> Slightly OT:
>
> Technically something impressive has already been created, and it lies
> dormant within Psi already, right?  QCA2 supports PKI in various ways,
> for example storing keys on a smart card.  I tested it with Justin a
> while back.

I think he means an impressive protocol.  But yeah, QCA is great, and Psi will 
have no trouble supporting whatever the JSF comes up with. :)

However, I worry about the effort needed to implement JEP-0116 on a wide 
scale.  It is around the same complexity as TLS, which 100% of us use 
libraries for, I'm sure.

I think we would do well to supercede JEP-27 with a protocol nearly as simple, 
just to tie up the loose ends (namely iq stanzas, signing, and X.509, maybe 
reconciliation with RFC 3923).  JEP-116 would also exist, but as an advanced 
alternative.

-Justin



More information about the Standards mailing list