[Standards] 33C3 talk on Signal and current XMPP issue in providing a similar UX

Peter Saint-Andre stpeter at stpeter.im
Thu Dec 29 23:53:16 UTC 2016


On 12/29/16 4:12 PM, Kim Alvefur wrote:
> On Thu, Dec 29, 2016 at 11:32:18PM +0100, Tobias Markmann wrote:
>> Conclusions from the talk and possible actions to address them are:
>>
>> * The XMPP manifesto from 2014 was a nice start and had very visible and
>> noticeable effects, >95% of public XMPP services require TLS for C2S
>> connections. However, the manifesto is outdated with regard to latest
>> secure TLS versions and has some inconsistencies. Maybe we should update it
>> or turn it into a XEP, maybe as part of server compliance suites.
>
> St Peter wrote on 7 Nov 2014:
>> The manifesto was not intended to be a living document, but a way to
>> garner support for the switch to an encrypted network.
>
> Full comment at
> https://github.com/stpeter/manifesto/issues/84#issuecomment-62167765
>
> So you should look at RFC 7590 and RFC 7525 for deployment guidelines,
> not the manifesto.

Newer attacks and technologies are good reasons to update the compliance 
spec every year.

Peter




More information about the Standards mailing list