> I don't disagree at all -- convincing the developers of your favorite > IM client to support OTR (in all likelihood) is also important. But, > this is the [email protected] list and I think that operators of XMPP > service also need to clean up their act with regard to security.
Of course. I just want to make sure that everyone understands this point: For the user, theres no difference between if c2s or s2s is encrypted or not. The user has no control over this and has no way to enforce it. It may help to obfuscate his communications a bit. But as soon as an attacker is able to do statistics or capture traffic at any point of the communication he is lost. rm
