[xmppwg] End-to-end security handwaving

Marshall Rose mrose+internet.ietf.xmpp at dbc.mtview.ca.us
Thu Oct 24 13:17:23 CDT 2002

> There is a total of one sentence in each of the two drafts regarding 
> end-to-end security:
> >Implementations MAY choose to offer MIME-based security services 
> >providing message integrity and confidentiality, such as OpenPGP or 
> >S/MIME.
> (That's from -im; there's something almost identical in -core.)
> That's nice, but doesn't say anything, given that there's no MIME in 
> either draft on which to use OpenPGP or S/MIME. Anyone care to clue 
> me in on how end-to-end security is going to work? I've been going 
> under the assumption that someone has been thinking about this.

yeah, we need to fix that in the next rev. the use of the term "MIME" is
unfortunate. the openpgp-based stuff that is loosely documented in one of the
jeps seems to work pretty well, so we need to see what can be taken from there
and tightened up.


More information about the xmppwg mailing list