[Standards] [Members] 33C3 talk on Signal and current XMPP issue in providing a similar UX
dave at cridland.net
Sat Dec 31 14:15:28 UTC 2016
On 29 Dec 2016 22:32, "Tobias Markmann" <tmarkmann at googlemail.com> wrote:
So @hanno ( https://twitter.com/hanno/ ) did a presentation followed by a
short discussion on Signal and how XMPP and other federated systems fail to
provide a similar secure and usable system over federated architecture. The
slides can be found at https://www.int21.de/slides/33c3-decentralized/#/ .
I wonder if he's coming to FOSDEM and could pop around the XMPP Summit to
give the talk and discuss?
* XMPP on-boarding. New users finding the right XMPP service for them, one
that matches their law requirements and privacy expectations. After
registration, they need to easily/secure/privacy-enforcing fill up their
roster with contacts based on known contact information like phone number
or e-mail address.
We could probably do with breaking these problems down, so we can deal with
them individually instead of as a scary amorphous block.
For example, legal and privacy statements could be handled as feature
assertions, which - in principle - might allow regulatory requirements to
span S2S links as well as C2S links. For example, "We are required to log
all messages" is significant for S2S as well as during on-boarding.
XEP-0288 does, of course, raise some issues here.
As to finding the servers themselves... This is the kind of case where a
centralized system makes sense, I think.
Contact discovery we know to be hard, but it might benefit to consider it
in terms of publishing your own contact details and then (seperately),
discovering those of others. We might only be able to address privacy on
one of these...
I probably missed some, so feel free to add further points. What are your
opinions, ideas, and suggestions on these issues?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards