-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/13/12 4:49 PM, mat henshall wrote: > We have an application that needs to be able to encrypt and sign > messages and IQ stanza's that contain custom elements 'end to end' > from one client to another, possibly across multiple federated > services. > > Looking at RFC 3923, ther seems to be very little practical > application of this specification. > > Is there any reason? > > Should I ignore this? If so what would the community suggest?
We've tried 5+ times to build end-to-end encryption. We've failed each time. 1. PGP (XEP-0027) - never widely adopted, who has PGP keys? 2. SMIME+CPIM (RFC 3923) - checking off a security box for the IETF 3. xmlenc (never documented) - might be used somewhere, but those people aren't talking 4. ESessions (XEP-0116) - implemented once, no other adoption 5. XTLS (draft-meyer-xmpp-e2e-encryption) - experimental, didn't move forward At this point I think there are other solutions under discussion: 6. OTR - http://www.cypherpunks.ca/otr/ 7. XMPP e2e - draft-miller-xmpp-e2e I sure hope we'll settle on one of those before the heat death of the universe. Your feedback is welcome. :) Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCi9cEACgkQNL8k5A2w/vy+ygCfYVRu0YZBMdwyDP30h1keLurc 5wwAoItpAnu7E4OiLZraazOpWwnKx+dV =PkuA -----END PGP SIGNATURE----- _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
