[Standards] end-to-end encryption meeting
stpeter at stpeter.im
Wed Nov 7 18:45:23 UTC 2007
Thanks for your perspective, and sorry for the delayed reply.
Justin Karneges wrote:
> So, here's a question: can we create a protocol that allows the same user
> experience as OTR, but instead is based on something proven? I believe the
> answer is yes. Both RFC 3923 and XTLS would allow for an identical user
> experience as OTR. Sure, these systems may have different underlying crypto
> featuresets than OTR (e.g, neither have deniability), but they are featureful
> enough for most purposes.
> Does this mean we should abandon esessions? I don't think so. It offers the
> ultimate set of features that we would like to have eventually, and it takes
> advantage of XMPP in ways other protocols can't. It is looking to the
> future. However, it doesn't offer any user experience improvements over the
> other options (except for perhaps its use of SAS, but I'd like to investigate
> if we can do that in an S/MIME or TLS context before granting that). With
> that in mind, we could develop a system that is good enough today *and* that
> the user can fall in love with. We don't need OTR or esessions to have such
> a system.
Well, that is the question. Perhaps we can find a way to some answers
during the meeting that starts in 15 minutes. :) I hope you'll be there:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards