On Nov 7, 2013, at 7:20 AM, Alexander Holler <[email protected]> wrote:
> Am 07.11.2013 15:54, schrieb Alexander Holler: >> Am 07.11.2013 14:44, schrieb Andreas Kuckartz: >>> Alexander Holler: >>>> I didn't speak about production environments. The manifesto affects all >>>> users and a lot of them don't (have to) care about production >>>> environments. >>>> >>>> E.g. my server only has to serve my needs and nobody else ones. So I can >>>> make a lot of compromises up to the fact, that I don't care if the NSA >>>> or GHCQ would be dumb enough to snoop on my communications which happens >>>> over my XMPP server (which isn't that much). >>>> >>>> But I care if my server wouldn't be able to communicate with other >>>> servers because they require e.g. TLSv1.2. >>> >>> If a non-production server is communicating with a production server the >>> combination is a production system. In such cases the production server >>> must enforce the requirements in the interest of the users of the >>> production server. >> >> So you want to enforce military grade encryption for all users of XMPP? >> >> It's like the wish to make all the telephone systems to use high >> encryption. >> >> Good luck with that. In my humble opinion thats just a way to get rid of >> users and therefor a nice but silly dream. > > I think a realistic solution is to show users the state of their > communication and therefor make the aware of the fact if e.g. a message is > believed to have traveled secure or unsecure ways. > > That's already mentioned in the manifesto and I like that a lot. > > A possible solution could be to add an attribute to messages (or all stanzas) > which details the used communication way and the used encryptions to > transport that message/stanza. I don't know if such was already written down > in an XEP, but I would like that a lot. > That has came up in some side discussions at the IETF meeting in Vancouver. XEP-0334, while specifically for <message/> stanzas today, might be able to provide such a flag (e.g., <require-tls/> or some such). - m&m Matthew A. Miller < http://goo.gl/LK55L >
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
