[Standards] Re: compliance: Basic Client (0211)

Magnus Henoch mange at freemail.hu
Wed May 9 11:29:20 UTC 2007


Jakob Schroeter <js at camaya.net> writes:

> E2EE is optional (a XEP, not a MUST in the RFC) and not a replacement for 
> current TLS usage, since it doesn't cover things like e.g. roster fetch.

Actually, E2E (in the shape of RFC 3923) is required, according to
section 12.2 of RFC 3921:

"12.2.  Clients

In addition to core client compliance requirements, an instant
messaging and presence client MUST additionally support the following
protocols:
[...]

* End-to-end object encryption as defined in End-to-End Object
  Encryption in the Extensible Messaging and Presence Protocol (XMPP)
  (Saint-Andre, P., “End-to-End Signing and Object Encryption for the
  Extensible Messaging and Presence Protocol (XMPP),” October 2004.)
  [XMPP‑E2E]"

I think the client compliance XEPs should have an exception for this,
as RFC 3923 is, in its own words, "hrozny", and not likely to be
implemented any time soon.

-- 
Magnus
JID: legoscia at jabber.cd.chalmers.se




More information about the Standards mailing list