On 18.11.2013 13:38, Steffen Larsen wrote: > Hi, > > On 18 Nov 2013, at 13:07, Andreas Kuckartz <a.kucka...@ping.de> wrote: > >> Simon Tennant: >>> IMHO, e2e security would probably make more sense as a XEP and working >>> group that has the time to zoom into all the implementation details. >> >> Can that be solved by an XEP ? >> >> What about this IETF draft? (I still have to read it) >> >> End-to-End Object Encryption and Signatures for the Extensible Messaging >> and Presence Protocol (XMPP) >> draft-miller-xmpp-e2e-06 >> https://datatracker.ietf.org/doc/draft-miller-xmpp-e2e/ >> >> There exist people who mention XMPP as belonging to "faulty >> technologies" for which they want to create alternatives: >> http://youbroketheinternet.org/ >> >> And I try to find out what can be done to improve XMPP regarding >> security and privacy. >> > > Well you can “always” run XMPP on top of TOR if you like that, if it is the > S2S routing that bothers you. :-) >
I think we might actually have gotten to the point where stanza routing is what bothers people. I.e. having a to and from stamped on a stanza. I don't think it's possible to get around the servers knowing this in XMPP. Between servers, we hope encryption helps to hide this information. End-to-end encryption IMHO is a separate issue. It is currently in scope for the XMPP WG[1] at the IETF. I also doubt anyone will complain if it is discussed here, or on the XMPP-security[2] mailing list. I think currently our best bet is Matthew Millers E2EE draft. Though I have to say it's rather complex. It also depends on the JOSE work being finished. There is some hope though that implementations would be rather simple once JOSE implementations are readily available. Peter Saint-Andre has also repeatedly stated he is working with the OTR folks towards an RFC document describing OTR. A related issue I'd like us thinking about is trust, key distribution and switching devices in general. It would be good if we could come up with a way that allows each device to have its own private/public key pair, but not requiring users to trust each public key individually. Problems when switching resources during an encrypted conversations are also way to commonplace right now. I think if we want any acceptance these are issues we should try to solve. Regards, Florob [1] https://tools.ietf.org/wg/xmpp/ [2] http://mail.jabber.org/mailman/listinfo/security