Hello Goffi,
XEP-0027 has serious security concerns, especially regarding reply
attacks and key verification (you can read those in the Security
considerations paragraph of the XEP). It's true that a real
replacement hasn't been drafted yet (there are some drafts, but
nothing really definitive or
G'day,
I have a few questions about OpenPGP. XEP-0027 has been obsoleted by
council on 26/03/2014, but I can't see no explanation.
OpenPGP is not the best for instant messaging (and OTR is the de facto
standard), but still it's interesting for normal messages (e.g. with an
SMTP gateway),
On 31/07/2015 10:27, Daniele Ricci wrote:
Hello Goffi,
XEP-0027 has serious security concerns, especially regarding reply
attacks and key verification (you can read those in the Security
considerations paragraph of the XEP). It's true that a real
replacement hasn't been drafted yet (there are