On 03/23/2009 09:28 PM, Jack Moffitt wrote: Hi,
> This looks good. I'm not sure we need language so strong as to > reommend E2E in general. Perhaps we could say if data privacy is > desired, then it is recommended. In most cases, people probably don't > care. Agreed. So we can change: === Because there is no way for the client to be sure that the BOSH service encrypts its connection to the application, it is RECOMMENDED for the client encrypt its messages using an application-specific end-to-end encryption technology; methods for doing so are outside the scope of this specification. === into: === If data privacy is desired, it is RECOMMENDED for the client encrypt its messages using an application-specific end-to-end encryption technology, because there is no way for the client to be sure that the BOSH service encrypts its connection to the application; methods for doing so are outside the scope of this specification. === or should it be: === If data privacy is desired, the client SHOULD encrypt its messages using an application-specific end-to-end encryption technology, because there is no way for the client to be sure that the BOSH service encrypts its connection to the application; methods for doing so are outside the scope of this specification. === Winfried -- http://www.tilanus.com xmpp:[email protected] tel. 015-3613996 / 06-23303960 fax. 015-3614406
