On 09/27/2009 03:13 PM, Peter Saint-Andre wrote:

Hi,

[...]
> Good point. I will reach out to the RSA folks soon to educate them a bit
> about XMPP.
[...]
> Agreed. A post at blog.xmpp.org is in order...

Thanks a lot Peter.

But maybe we should ask ourselves too what we can do to educate people about XMPP. For example I think it might be helpful to have two white-papers at hand: one short white-paper that gives a short introduction to XMPP and Jabber. This paper might be brought to the attention of people looking for an overview of the technologies, but it may also serve as a base for short XMPP/Jabber 101 lectures.

The other white-paper I see use for is on XMPP-security. This paper should give an overview of the various security mechanisms present in XMPP, how different implementations deal with these mechanisms, the gaps that are still there and how we try to close them. Such a paper might be a starting-point for people who want to know more about XMPP-security. Think about e.g. system/network administrators who want to assess the risks of XMPP/Jabber or about a security researcher who needs a starting point for researching XMPP-security.

And to put my money where my mouth is: I volunteer to contribute to those papers, but I can't write them on my own, for several reasons:

- I work only with a small subset of XEPs and have only hands-on experience with a small subset of the available servers and clients. I might miss important things or even worse, get things wrong when I try to do this alone.
- As with all security related work: it is too important to leave it in the hands of one person.
- My recent mishaps have shown that my English isn't native enough for such a project. I will need at least one native speaker to translate my Dunglish to English. ;-)

So, do you think such white-papers have enough added value to invest some time in them (or to encourage others to invest some of their time in them)? Are you willing to comment on outlines and drafts? Do you want to write parts of such papers?

BTW: I personally strictly use XMPP only for the protocol and Jabber only for the public XMPP-network, but that distinction doesn't seem to be generally adopted here. Should we try to separate the words XMPP and Jabber a little more or not? I think it might help when convincing people that something bad done with the protocol isn't equal to bad things happening on the network and vice versa.

best wishes,

Winfried

--
http://www.tilanus.com
xmpp:[email protected]
tel. +31.15.3613996 / +31.6.23303960
fax. +31.15.3614406
