Victor Duchovni wrote: > On Wed, Mar 01, 2006 at 06:15:36PM +0100, Ian G wrote: > >>>> Email is hard to get encrypted, but it didn't stop Skype from doing >>>> encryped IMs "easily." >>> >>> Likewise I have secured email communications with my wife via a single >>> key exchange, so what? Skype has not "easily" created an interoperable >>> federated system that secures all IM communications end-to-end, and >>> many of the issues in doing that are non-technical. >> >> Right. Nor did email create a single federated >> system that crosses across to mobile phones. There >> is always a boundary where a system stops. > > Federated accross millions of account issuing organizations, not > technologies, and email did do that, and IM did not. IM is like email from > a choice MCI, Sprint or AT&T, sure they can control the medium better, > but this is a temporary state of affairs...
Monolithic consumer IM services (AIM, MSN, Yahoo, etc. are like that. Existing federated IM standards (e.g., Jabber/XMPP) are not. >> The point is that the non-technical issues we >> are looking at here are *better* handled at the >> level of competitive systems, because they have >> incentives to solve them, whereas technical >> committees writing RFCs do not. > > These are closed systems that compete with each other, once > they become federated, they can no longer compete on end-to-end > security, because that is a property of the interoperability > framework, not the individual product. Also with millions > of account issuers, the abuse and identity problems become > just as bad as for email. The problem is intrinsic, is not > the result of lazy RFC writers. Well, in the Jabber/XMPP world we require authentication, servers must stamp the from addresses, and we use (at a minimum) reverse DNS lookups to verify server identities (or use certs with TLS + SASL-EXTERNAL if you want true server-to-server authentication). So I'd say the abuse and identity problems are not as bad in IM (at least the IM technology I'm familiar with) as in email. But you'd hope that we've learned a thing or two since email was invented. ;-) Peter -- Peter Saint-Andre Jabber Software Foundation http://www.jabber.org/people/stpeter.shtml
Description: S/MIME Cryptographic Signature