[Standards-JIG] Re: UPDATED: JEP-0136 (Message Archiving)

Remko Troncon remko at el-tramo.be
Sun Sep 10 13:42:39 UTC 2006


> Yes, but what if I use an old client which doesn't support the
> feature at all?
> Messages are then not logged -> data loss

I don't think we can compromise security just because people use old
clients. The most important part about specs is to make them easy to
implement, so everyone adopts them immediately, even the 'simple'
clients such as web clients. People using old software always pay the
price of not having all features; I don't see why it should be
different here (especially if security is at stake). Bug your client
developers.

> Not really user friendly.
> Or is encryption reserved for geeks?

'User friendly' and 'geeky' are not opposites. This aside, security  
should be made as simple as possible, but not at the price of the  
security itself. If you start putting keys on servers, there's no  
security anymore, even for those who *are* experts. You might as well  
drop end-to-end security altogether then. For end-to-end encryption,  
all encryption and decryption should happen at the client.

An easy-to-use solution would be to have a security token which you
just insert in your USB port, and your client auto-detects it and
uses it for encryption. You put the token on your keychain with all
your other keys, and you have security everywhere you go. Not
something very common, but user-friendly nevertheless :)

cheers,
Remko
