[Standards] Updated Yabasta Protocol (E2E-related)

Simon McVittie simon.mcvittie at collabora.co.uk
Thu Jun 27 11:01:45 UTC 2013


On 26/06/13 19:16, Jon Kristensen wrote:
> The OTR-inspired and end-to-end secure Yabasta protocol has received a
> significant update today. You can see the updated protocol at
> <https://github.com/jonkri/yabasta-protocol/>.

Why should implementers prefer this protocol over end-to-end TLS, such
as the XTLS RFC-draft? Sell it to us :-)

(I do like this better than OTR, because the payload is specifically an
extensible XMPP stanza, rather than being constrained to be
human-readable text in UTF-8 "optionally with HTML markup", whatever
that means.)

Most client implementers haven't implemented XTLS, and the RFC-draft for
it wasn't finished, because end-to-end security is a lot of work to do
well (or at least, that's why nobody has had time to implement it in
Telepathy). Is Yabasta any easier, bearing in mind that unlike XTLS, it
doesn't appear to be possible to use existing TLS libraries like GNUTLS,
NSS or OpenSSL to do the cryptographic bits?

> a service discovery feature item of "yabasta-protocol:0"

That's not an IETF-registered URI scheme, and neither are the various
XMLNSs in your mapping into XMPP. If you own yabasta.com,
http://yabasta.com/xmpp/0 might be a more appropriate URI, for instance.
(If you don't, please don't it in your examples :-)

You probably only need one XMLNS for the whole specification: only the
tuple (namespace URI, element name) needs to be unique.

Regards,
    S




More information about the Standards mailing list