-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Somebody claiming to be Justin Karneges wrote: > On Wednesday 20 May 2009 19:28:30 Stephen Paul Weber wrote: > > 1) What do people think of also signing the content of the <x > > xmlns='jabber:x:encrypted'> element, to get encrypted and signed messages > > (instead of just encrypted messages and signed presence) > > However, after our last e2e security discussion, I believe there was some > consensus that we should offer both session-based and single message > security. So, we may seriously pursue PGP encrypted+signed single messages > once again.
That would be really awesome :) > > 2) What do people think of clearsigning <body> on a message in line with > > OpenPGP? > > I don't think we should use clearsign in IMs. It would be silly if clients > not supporting PGP were to display all of that clearsigning garbage in a chat > window. For XMPP, it would make the most sense to have the <body> contain > just the text message, and separate elements would be used to handle the > signature/etc. Well, I was thinking more for uses of XMPP outside of IM, but I agree that either way it is not ideal. > > It would be really awesome if the same keys/mechanisms could be used for > > signing (/encrypting) XMPP messages as email messages, in general, since > > this makes a lot of multi-mode applications much easier to work with. > > You can read the dead sea scrolls: > http://xmpp.org/extensions/inbox/secure.html That's basically exactly what I'm looking for... or something very like that, anyway. A "clearsign" style idea where one can sign the stanza without affecting the ability of unsupporting clients to interpret the data would be a nice bonus, but otherwise it's really good. Of course, given it's age I expect that people don't like it for some reason, or else it would have progressed furthur by now. - -- Stephen Paul Weber, @singpolyma Please see <http://singpolyma.net> for how I prefer to be contacted. edition right joseph -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQIcBAEBCAAGBQJKFMsOAAoJENEcKRHOUZzekEEP/iFfHGJYlLds8MxVz8LlGpvP tPMJ7yh/rs5XmzinlA6qBTRDesNhx69p62KCLaYBBZQh1vw0FR7e+pdzynh+kpqn rGTnhE7DBU11A5UedQ/kz+8qrxe70uFQ3lzOoYtLN2plXCzBEPUo5HD/3HJowhZj Iewco/GDLq80350ck5iqVcv1wwvMWAjbG2YJokeaE6P8rZrbiocZ77LO9WE2THW0 UW0MCbtf25dBLt9BE+GxN4edNQ8f9sJMtpASvx3gyD0EsNPn3EYVp4luTOMPHIKk +r9kyuhNETmOjTjKgMTxPsmeeg9/de1Tl/Pl5uff1bP4uc6OTskHG4ML4jg96etM G4lLvZY2A38J7T0eFSV5rHY0URCNU1Y9uoSuaOkvXY4fkJULKhM3dM4rxFeCzNTf iZfW8bYV+xxXIaEqiV8/b0pFdfUVChdPIJ7unZQ5vbrL6k4TAgHpnPngVdIiDPxB 2zMYijUJ+P29Q5qbXNYZK8xyyOrPToh/eHU0H0K2x+uoNnE1Wm9M+yi0jO5sS27Y jsPfPl+VYmQJl0m++BLvMGOKK1dL4rsYEmwOWDK8NtIenTjDdR08jatkMkGZa3Jg WVovGpbrEQZYaUBKGQiDvvcDV8plaASFDd+aJ0ApmAmvqsBHSzATV7SxA2g4a6KF xtL5TyEDqpTb7hibHSPL =64h9 -----END PGP SIGNATURE-----
