[Standards] e2e privacy for XMPP Re: RFC 3923 (e2e with S/MIME) and OpenPGP

Hannes Tschofenig hannes.tschofenig at gmx.net
Mon Nov 18 13:04:59 UTC 2013


It really depends what threats you are concerned about, Steffen.

I briefly looked at a Mumble project, which uses IM over Tor, when it 
was mentioned on the IETF perpass list. Here were my thoughts:
http://www.ietf.org/mail-archive/web/perpass/current/msg00215.html	

Ciao
Hannes

Am 18.11.13 13:38, schrieb Steffen Larsen:
> Hi,
>
> On 18 Nov 2013, at 13:07, Andreas Kuckartz <a.kuckartz at ping.de> wrote:
>
>> Simon Tennant:
>>> IMHO, e2e security would probably make more sense as a XEP and working
>>> group that has the time to zoom into all the implementation details.
>>
>> Can that be solved by an XEP ?
>>
>> What about this IETF draft? (I still have to read it)
>>
>> End-to-End Object Encryption and Signatures for the Extensible Messaging
>> and Presence Protocol (XMPP)
>> draft-miller-xmpp-e2e-06
>> https://datatracker.ietf.org/doc/draft-miller-xmpp-e2e/
>>
>> There exist people who mention XMPP as belonging to "faulty
>> technologies" for which they want to create alternatives:
>> http://youbroketheinternet.org/
>>
>> And I try to find out what can be done to improve XMPP regarding
>> security and privacy.
>>
>
> Well you can “always” run XMPP on top of TOR if you like that, if it is the S2S routing that bothers you. :-)
>
>
>> Cheers,
>> Andreas
>>
>>> On 18 November 2013 10:30, Andreas Kuckartz <a.kuckartz at ping.de
>>> <mailto:a.kuckartz at ping.de>> wrote:
>>>
>>>     Peter Saint-Andre some time ago wrote:
>>>> On 7/16/13 4:27 AM, Carlo v. Loesch wrote:
>>>>> Since XMPP isn't suitable for keeping meta-data private I would
>>>>> presume that e2e privacy is out of scope for this mailing list,
>>>>> really.
>>>>
>>>> True.
>>>
>>>     Where would the topic e2e privacy for XMPP be "in scope" ?
>>>
>>>     Cheers,
>>>     Andreas
>
>
> /Steffen
>




More information about the Standards mailing list