[Standards] e2e privacy for XMPP Re: RFC 3923 (e2e with S/MIME) and OpenPGP

Peter Saint-Andre stpeter at stpeter.im
Tue Nov 19 20:27:29 UTC 2013


On 11/18/13 3:49 PM, Carlo v. Loesch wrote:

<snip/>

Hi Carlo!

I need to spend some quality time with your long message, but I don't
have time for that right now. One quick point...

> By consequence interoperability and "open standards" are no
> relevant goal: They were introduced in order to make companies have
> their proprietary technology speak a common language - but since
> proprietary technology by design cannot be reliably respectful of
> privacy, we must design our future communication paths free of
> proprietary contributions. That means that the protocol standards
> etc become a lot less important: As long as there is a well-defined
> and reviewed GNU licensed codebase, all applications can be made
> interoperable even if the protocol wasn't documented. Of course
> that is not recommendable and in fact a proper review implies
> documenting the protocol fully - but it is very distant from
> today's notion of necessity of a protocol standards body. A
> protocol can thus be driven by efficiency needs rather than lobby
> interests.

As you might remember, the original Jabber community was focused on
code but also on defining and documenting an open protocol. There were
no corporate interests pushing agendas (although some of the jabberd
developers had some support from Webb Interactive Services), just
coders making sure that clients and servers could interoperate.

I think we need three things: open source, open standards, and an open
community. In fact I wrote an article about it way back in 2003:

http://www.onlamp.com/lpt/a/3660

But these days the threat model has changed and I think we need to go
beyond merely "open" to "trusted". Yes, trust is a slippery concept,
but in my mind it's connected to things like hardware (e.g., PRNGs),
build processes, transparency of releases, community governance,
software that does what the user intends and no more, etc. This is
something bigger than any particular technology, so this list might
not be the best place to discuss it. Maybe a blog post or new
discussion venue is in order...

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

