I'll be implementing the OpenPGP JEP in our new client as it's easy'ish to do. But I will need to make some changes to handle real time symmetric key exchange as using assymmetric for encryption is just not viable. therefore I'll have to a) except my client won't do OpenPGP with any other client, or b) work out how to update the existing JEP, which is probably not a good idea, or is it?
Basically, I'm mirroring the functionality I have already tested and know works in our older (non-Jabber) client until I can see a clear way ahead. this gives us end to end crypto, including digital signatures. David. In <[EMAIL PROTECTED]> Peter Saint-Andre wrote: > At the recent IETF meeting, I was asked to follow up with the Jabber > developer community about obstacles (or resistance) to implementing > certain aspects of the XMPP specs (<http://www.jabber.org/ietf/>). The > IETF folks perceive the presence of an active developer community as a > Good Thing [tm], so I think they are interested in how likely it is > that the current developer community will implement the specs as > written. > > The main topics mentioned to me relate to security, specifically SASL > for authentication, TLS for channel encryption, and CPIM + S/MIME for > end-to-end encryption. Do people think they will be able to integrate > existing libraries for these protocols into their applications (or > write their own support, as Rob Norris recently did for SASL in > jabberd2)? How likely is it that existing clients will implement draft- > ietf-xmpp-e2e, which uses CPIM and S/MIME for end-to-end encryption? > > From discussions so far, my sense is that SASL and TLS support will be > added once it's in the jabberd server, but that client developers are > fairly resistant to adding support for the end-to-end encryption spec > given the need to parse CPIM formats (no existing libraries as far as > I know) and support S/MIME (for which there are libraries, although > the use of S/MIME is not very "Jabberish"). > > Feel free to reply on or off list. > > Thanks! > > Peter > > P.S. Yes, I owe the community an informational document that clearly > defines the differences between XMPP and Jabber for things like > authentication and session initiation. I will write that document > by the middle of August. > _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
