[Standards] XMPP Security

2015-01-29 Thread Michael Fischinger
Hello everybody, My name is Michael Fischinger and I am doing some research at the Salzburg University of Applied Science; in particular, it’s about XMPP security. I just read through the latest internet draft about “End-to-End Object Encryption and Signatures for the Extensible Messaging and

Re: [Standards] XMPP Security

2015-01-29 Thread Bartosz Małkowski
So my question is: What is actually the problem with the latest XMPP end-to-end encryption and signing approaches and why isn’t it safe against malicious server operators and sniffing of direct client-to-client transmissions? And is there anything else I should know? Nothing is wrong with

Re: [Standards] XMPP Security

2015-01-29 Thread Christian Schudt
Hi Michael, So my question is: What is actually the problem with the latest XMPP end-to-end encryption and signing approaches and why isn’t it safe against malicious server operators and sniffing of direct client-to-client transmissions? And is there anything else I should know? The XMPP

Re: [Standards] XMPP Security

2015-01-29 Thread Peter Saint-Andre - yet
On 1/29/15 12:13 PM, Philipp Hancke wrote: [...] All of them except RFC 3923 are marked as not recommended to implement, but it's confusing nonetheless. I think the author of 3923 has never seen or heard of any implementations :-) We wrote RFC 3923 (and RFC 3922) so that we could get RFC

Re: [Standards] XMPP Security

2015-01-29 Thread Cramer, E.R. (Eelco)
This is a great conversation and gives a great insight into standardization politics. ;-) --- sent from the hand On 29 Jan 2015 at 23:07, Peter Saint-Andre - yet pe...@andyet.net wrote: On 1/29/15 12:13 PM, Philipp Hancke wrote: [...] All of them except RFC 3923

Re: [Standards] XMPP Security

2015-01-29 Thread Peter Saint-Andre - yet
On 1/29/15 3:25 PM, Cramer, E.R. (Eelco) wrote: This is a great conversation and gives a great insight into standardization politics. ;-) Well, that was in some measure driven by who was on the IESG and general IETF / IESG thinking at that time. Now things might be different. Peter --