Re: [Standards] Heml.is and federation..

2013-07-18 Thread Peter Saint-Andre 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 7/18/13 12:47 AM, Daniele Ricci wrote:
> Hello, draft-miller-xmpp-e2e-06, at 3.2.2-3 states: "Constructs a
> forwarding envelope (M) using a  element [...]"
> 
> why the ? Why not encode the stanza itself?

It really would be best to discuss that Internet-Draft on the
x...@ietf.org list:

https://www.ietf.org/mailman/listinfo/xmpp

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJR6AtjAAoJEOoGpJErxa2prEsP/09oRyO6v4m0lu+RdTwdvY+v
t0FLONmG0R5O3V1ShI1avJHl3PfhMw/YduaeuAQNTmQ2W1CYaVmCctqWD3rYdU9T
lWHbgzr42SX5AKy45BMVckVkDGoSfNZR/1K89W++bXhRLV54txMbcaIS3ptxgQ7p
poLI+WpbMYKAs5bKhyJ1otR0rcAKxpucNhlmq56v6YhBWgyjQlb2suHQOQ8aIshx
bFzNyoy2nMlBMe4M4tS8V0d1muTmdTEKX1lZGK5gy3z90uBRleCSfbHMslUhnzcI
rfBUSrETnBqGNdHfPGxHqQRqBiTleXWue61w9fojLjsp1hpk/f+mI1+j7Hyahr8c
cW5Dah7Xwzuz+lYndwGmFD2p4blTDiIGVIxMiwbYiRJObzhN1cVk/de588/IiZC8
1pKH+TTnRzA5ZufXwHI9A+bhaUN8jL9ed5TTAr9z/Fyyb4LqRF02ILnZTz+youMF
N9ATkpuZGFkaX5dbuRSVL3BrW7han1bNhTGS1HnfRhgznpSqGfvnIFP5qfUBkgNq
n393i18LSootA2saiQRhCvYIpcUo2nempUokMNgyJB7EUu2BSzdvVX9gN7o+9lvs
a1F8t5kuf0Ab6xfO23mnpnWado2phfKeIAqRBgQ6PJmqc1BwstwupizeQFbr0wnL
x/ZVq3G4/a6LT+qh3rz4
=emLe
-END PGP SIGNATURE-

Re: [Standards] Heml.is and federation..

2013-07-17 Thread Daniele Ricci 
Hello,
draft-miller-xmpp-e2e-06, at 3.2.2-3 states:
"Constructs a forwarding envelope (M) using a  element [...]"

why the ? Why not encode the stanza itself?

On Fri, Jul 12, 2013 at 10:42 PM, Ralph Meijer  wrote:
> On 2013-07-12 20:56, Steffen Larsen wrote:
>>
>> Hi,
>>
>> I just stumbled upon https://heml.is, which is a new XMPP client for IOS
>> and Android. Anyone knows these guys?
>>
>> It uses XMPP and PGP for encryption, but do any of you guys know if they
>> federate?.. What I can see from skimming their page, its yet another silo,
>> due to the fact of PGP and their own infrastructure.
>> So federation and using your own domain does not seem feasible, right?
>> Anyone want to discuss this and the alternatives besides OTR? Security
>> labels?
>>
>> When I see something like this I get exited to start with because I
>> actually want something like this on the client/server part, but then later
>> on gets down to earth when it seems out of the standards. Or is it just me?
>
>
> I think the most interesting aspect of projects like this is the addition of
> some form of end-to-end encryption. If you want to be involved in an effort
> like this, I strongly recommend you get on the IETF XMPP WG mailing list and
> discuss Matt Miller's draft [1].
>
> This is basically the result of several attempts to standardize e2s
> encryption for XMPP. It needs more eyes, implementations and feedback.
>
> [1] 
>
> --
> ralphm



-- 
Daniele

Re: [Standards] Heml.is and federation..

2013-07-13 Thread Daniele Ricci 
Hi Steffen,
please refer to this thread [1] to go on with further discussions. I
am too looking for a standard and interoperable way of doing e2e
encryption, but the current situation is still a bit confusing.

[1] http://mail.jabber.org/pipermail/standards/2013-July/027731.html

On Fri, Jul 12, 2013 at 10:42 PM, Ralph Meijer  wrote:
> On 2013-07-12 20:56, Steffen Larsen wrote:
>>
>> Hi,
>>
>> I just stumbled upon https://heml.is, which is a new XMPP client for IOS
>> and Android. Anyone knows these guys?
>>
>> It uses XMPP and PGP for encryption, but do any of you guys know if they
>> federate?.. What I can see from skimming their page, its yet another silo,
>> due to the fact of PGP and their own infrastructure.
>> So federation and using your own domain does not seem feasible, right?
>> Anyone want to discuss this and the alternatives besides OTR? Security
>> labels?
>>
>> When I see something like this I get exited to start with because I
>> actually want something like this on the client/server part, but then later
>> on gets down to earth when it seems out of the standards. Or is it just me?
>
>
> I think the most interesting aspect of projects like this is the addition of
> some form of end-to-end encryption. If you want to be involved in an effort
> like this, I strongly recommend you get on the IETF XMPP WG mailing list and
> discuss Matt Miller's draft [1].
>
> This is basically the result of several attempts to standardize e2s
> encryption for XMPP. It needs more eyes, implementations and feedback.
>
> [1] 
>
> --
> ralphm



-- 
Daniele

Re: [Standards] Heml.is and federation..

2013-07-12 Thread Ralph Meijer 

On 2013-07-12 20:56, Steffen Larsen wrote:

Hi,

I just stumbled upon https://heml.is, which is a new XMPP client for IOS and 
Android. Anyone knows these guys?

It uses XMPP and PGP for encryption, but do any of you guys know if they 
federate?.. What I can see from skimming their page, its yet another silo, due 
to the fact of PGP and their own infrastructure.
So federation and using your own domain does not seem feasible, right? Anyone 
want to discuss this and the alternatives besides OTR? Security labels?

When I see something like this I get exited to start with because I actually 
want something like this on the client/server part, but then later on gets down 
to earth when it seems out of the standards. Or is it just me?


I think the most interesting aspect of projects like this is the 
addition of some form of end-to-end encryption. If you want to be 
involved in an effort like this, I strongly recommend you get on the 
IETF XMPP WG mailing list and discuss Matt Miller's draft [1].


This is basically the result of several attempts to standardize e2s 
encryption for XMPP. It needs more eyes, implementations and feedback.


[1] 

--
ralphm

[Standards] Heml.is and federation..

2013-07-12 Thread Steffen Larsen 
Hi,

I just stumbled upon https://heml.is, which is a new XMPP client for IOS and 
Android. Anyone knows these guys?

It uses XMPP and PGP for encryption, but do any of you guys know if they 
federate?.. What I can see from skimming their page, its yet another silo, due 
to the fact of PGP and their own infrastructure.
So federation and using your own domain does not seem feasible, right? Anyone 
want to discuss this and the alternatives besides OTR? Security labels?

When I see something like this I get exited to start with because I actually 
want something like this on the client/server part, but then later on gets down 
to earth when it seems out of the standards. Or is it just me?

--
Venlig hilsen / Best regards

Steffen Larsen, Founder & CEO
Mobile: +45 51 94 33 33
BrainTrust / http://www.braintrust.dk