On Aug 17, 2011, at 07:57, Peter Saint-Andre wrote: > More than that, OTR just works [tm]. We've had debates for many years about > PGP, S/MIME, SIGMA-based encrypted sessions, XTLS, etc. But for as long as > we've been having these interminable discussions, OTR has quietly been > working in the real world -- field tested by thousands of users in a wide > variety of clients, and seemingly resistant to attacks. >
It just works™ because there's effectively only one implementation. Really easy to interoperate if you're the only game in town! > Instead of trying to invent something new, why don't we use something that > has plenty of running code behind it? 1) At least PGP and S/MIME (CMS) have been around longer than (lib)otr, and there have been implementations that used PGP/GPG. IMO, we didn't do a good job incorporating one of them, so they have "failed" us. 2) A single implementation means a single point of failure and compromise. If XSF care enough about this, then maybe we should fund at least one implementation for a few platforms (e.g. C, ECMAScript, Java, Python). Also, get the specs somewhere with an established IPR and governance policy. - m&m <http://goo.gl/voEzk> _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org _______________________________________________
