[Standards-JIG] JEP-0136 Message Archiving

Ian Paterson ian.paterson at clientside.co.uk
Sun Sep 10 17:45:26 UTC 2006


Matthias Wimmer wrote:
> BTW: What are the considerations for choosing the chosen cryptography 
> schemes of JEP-0136?
>
Good question. I think they are particularly secure and very simple to 
implement. For example, RSA-KEM is currently the only required 
encapsulation scheme since it is NESSIE-recommended and its security is 
tightly proven (unlike RSA-OAEP or PKCS #1 v1.5).

Although I'm open to a full discussion about these schemes and any 
others, I'm also concerned that a discussion about crypto schemes now 
could easily distract from the rest of the JEP, so I hope we don't go 
into it too deeply until we've got the rest of the JEP sorted out. That 
way implementations can move forward while we argue about the crypto 
modules that should be pluged in.

Note: Any changes will only affect the registry entries, not the JEP 
itself. Cryptography is an evolving science. So (my working copy of) the 
JEP makes use of the Jabber Registrar to allow all the crypto algorithms 
to continue to change even after the JEP reaches "Final" status.

> Shouldn't the first sentence of 5.1 read:
>
> While automated archiving is easy for the client and server to 
> implement, there are many contexts in which _manual_ archiving is 
> required.
>
Thanks, fixed in my working copy.

- Ian




More information about the Standards mailing list