[Standards] Re: compliance: Basic Client (0211)

Magnus Henoch mange at freemail.hu
Wed May 9 11:29:20 UTC 2007

Jakob Schroeter <js at camaya.net> writes:

> E2EE is optional (a XEP, not a MUST in the RFC) and not a replacement for 
> current TLS usage, since it doesn't cover things like e.g. roster fetch.

Actually, E2E (in the shape of RFC 3923) is required, according to
section 12.2 of RFC 3921:

"12.2.  Clients

In addition to core client compliance requirements, an instant
messaging and presence client MUST additionally support the following

* End-to-end object encryption as defined in End-to-End Object
  Encryption in the Extensible Messaging and Presence Protocol (XMPP)
  (Saint-Andre, P., “End-to-End Signing and Object Encryption for the
  Extensible Messaging and Presence Protocol (XMPP),” October 2004.)

I think the client compliance XEPs should have an exception for this,
as RFC 3923 is, in its own words, "hrozny", and not likely to be
implemented any time soon.

JID: legoscia at jabber.cd.chalmers.se

More information about the Standards mailing list