Adam Back wrote:
Well I think security in IM, as in all comms security, means security such that only my intended recipients can read the traffic. (aka e2e security).I don't think the fact that you personally don't care about the confidentiality of your IM messages should argue for not doing it. Fair enough you don't need it personally but it is still the correct security model. Some people and businesses do need e2e security. (It wasn't quite clear, you mention you advised jabber; if you advised jabber to skip e2e security because its "too hard"... bad call I'd say).
No one advised any such thing, and e2e was a requirement addressed within the IETF by the XMPP WG, resulting in RFC 3923.
Peter
smime.p7s
Description: S/MIME Cryptographic Signature