On 3/24/09 4:34 AM, Winfried Tilanus wrote: > On 03/23/2009 09:28 PM, Jack Moffitt wrote: > > Hi, > >> This looks good. I'm not sure we need language so strong as to >> reommend E2E in general. Perhaps we could say if data privacy is >> desired, then it is recommended. In most cases, people probably don't >> care. > > Agreed. So we can change: > > === > Because there is no way for the client to be sure that the BOSH service > encrypts its connection to the application, it is RECOMMENDED for the > client encrypt its messages using an application-specific end-to-end > encryption technology; methods for doing so are outside the scope of > this specification. > === > > into: > > === > If data privacy is desired, it is RECOMMENDED for the client encrypt its > messages using an application-specific end-to-end encryption technology, > because there is no way for the client to be sure that the BOSH service > encrypts its connection to the application; methods for doing so are > outside the scope of this specification. > === > > or should it be: > > === > If data privacy is desired, the client SHOULD encrypt its messages using > an application-specific end-to-end encryption technology, because there > is no way for the client to be sure that the BOSH service encrypts its > connection to the application; methods for doing so are outside the > scope of this specification. > ===
Adding the "if" clause is fine with me. Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
