[Standards] Any protocol to request encrypted connections?

Peter Saint-Andre stpeter at jabber.org
Mon Feb 5 21:46:49 UTC 2007


Ian Paterson wrote:
> Matthias Wimmer wrote:
>> Especially if I am not able to do e2e. E.g. because the destination's 
>> server does not want to allow e2e encryption because it has to log all 
>> exchanged messages, because the message is passing a gateway and we 
>> already start to forget RFC 3923, or just because the client is 
>> connecting using a web-based interface.
> 
> Yes, you're right. (although Web clients will do full-strength e2e)
> 
> The 'security' field in XEP-0155 allows the sender (or receiver) to 
> specify that both clients must be securely connected to their servers. 
> But something like XEP-0079 will be necessary for s2s... unless we 
> specify in RFC3920bis that servers MUST use SASL-TLS for all s2s 
> connections!

Specs and reality are two separate things. :-) Realistically, we'll have 
many unsecured s2s channels for a long time to come.

/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070205/ce54c87e/attachment.bin>


More information about the Standards mailing list