[xmppwg] End-to-end security handwaving

Marshall Rose mrose+internet.ietf.xmpp at dbc.mtview.ca.us
Thu Oct 24 13:17:23 CDT 2002


> There is a total of one sentence in each of the two drafts regarding 
> end-to-end security:
> 
> >Implementations MAY choose to offer MIME-based security services 
> >providing message integrity and confidentiality, such as OpenPGP or 
> >S/MIME.
> 
> (That's from -im; there's something almost identical in -core.)
> 
> That's nice, but doesn't say anything, given that there's no MIME in 
> either draft on which to use OpenPGP or S/MIME. Anyone care to clue 
> me in on how end-to-end security is going to work? I've been going 
> under the assumption that someone has been thinking about this.

yeah, we need to fix that in the next rev. the use of the term "MIME" is
unfortunate. the openpgp-based stuff that is loosely documented in one of the
jeps seems to work pretty well, so we need to see what can be taken from there
and tightened up.

/mtr



More information about the xmppwg mailing list