On 8/17/11 8:17 AM, Matthew A. Miller wrote:

> On Aug 17, 2011, at 07:57, Peter Saint-Andre wrote:
>
>> More than that, OTR just works [tm]. We've had debates for many
>> years about PGP, S/MIME, SIGMA-based encrypted sessions, XTLS, etc.
>> But for as long as we've been having these interminable
>> discussions, OTR has quietly been working in the real world --
>> field tested by thousands of users in a wide variety of clients,
>> and seemingly resistant to attacks.
>
> It just works™ because there's effectively only one implementation.
> Really easy to interoperate if you're the only game in town!
>
>> Instead of trying to invent something new, why don't we use
>> something that has plenty of running code behind it?
>
> 1) At least PGP and S/MIME (CMS) have been around longer than
> (lib)otr, and there have been implementations that used PGP/GPG.
> IMO, we didn't do a good job incorporating one of them, so they have
> "failed" us.

Or we failed them, sure.

> 2) A single implementation means a single point of
> failure and compromise.

Agreed.

> If XSF care enough about this, then maybe we
> should fund at least one implementation for a few platforms (e.g. C,
> ECMAScript, Java, Python).  Also, get the specs somewhere with an
> established IPR and governance policy.

I'm working with the OTR folks to get an Internet-Draft published.

Peter

--
Peter Saint-Andre
https://stpeter.im/


_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
_______________________________________________