[Standards] end-to-end encryption meeting

Peter Saint-Andre stpeter at stpeter.im
Wed Nov 7 18:45:23 UTC 2007

Hi Justin!

Thanks for your perspective, and sorry for the delayed reply.

Justin Karneges wrote:

> So, here's a question: can we create a protocol that allows the same user 
> experience as OTR, but instead is based on something proven?  I believe the 
> answer is yes.  Both RFC 3923 and XTLS would allow for an identical user 
> experience as OTR.  Sure, these systems may have different underlying crypto 
> featuresets than OTR (e.g, neither have deniability), but they are featureful 
> enough for most purposes.
> Does this mean we should abandon esessions?  I don't think so.  It offers the 
> ultimate set of features that we would like to have eventually, and it takes 
> advantage of XMPP in ways other protocols can't.  It is looking to the 
> future.  However, it doesn't offer any user experience improvements over the 
> other options (except for perhaps its use of SAS, but I'd like to investigate 
> if we can do that in an S/MIME or TLS context before granting that).  With 
> that in mind, we could develop a system that is good enough today *and* that 
> the user can fall in love with.  We don't need OTR or esessions to have such 
> a system.

Well, that is the question. Perhaps we can find a way to some answers
during the meeting that starts in 15 minutes. :) I hope you'll be there:



Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20071107/a98e1d24/attachment.bin>

More information about the Standards mailing list