[Standards] 33C3 talk on Signal and current XMPP issue in providing a similar UX
stpeter at stpeter.im
Thu Dec 29 23:53:16 UTC 2016
On 12/29/16 4:12 PM, Kim Alvefur wrote:
> On Thu, Dec 29, 2016 at 11:32:18PM +0100, Tobias Markmann wrote:
>> Conclusions from the talk and possible actions to address them are:
>> * The XMPP manifesto from 2014 was a nice start and had very visible and
>> noticeable effects, >95% of public XMPP services require TLS for C2S
>> connections. However, the manifesto is outdated with regard to latest
>> secure TLS versions and has some inconsistencies. Maybe we should update it
>> or turn it into a XEP, maybe as part of server compliance suites.
> St Peter wrote on 7 Nov 2014:
>> The manifesto was not intended to be a living document, but a way to
>> garner support for the switch to an encrypted network.
> Full comment at
> So you should look at RFC 7590 and RFC 7525 for deployment guidelines,
> not the manifesto.
Newer attacks and technologies are good reasons to update the compliance
spec every year.
More information about the Standards