On Thu, Aug 22, 2013 at 8:38 AM, Ralph J.Mayer <[email protected]> wrote: >> I don't disagree at all -- convincing the developers of your favorite >> IM client to support OTR (in all likelihood) is also important. But, >> this is the [email protected] list and I think that operators of XMPP >> service also need to clean up their act with regard to security. > > Of course. > > I just want to make sure that everyone understands this point: > For the user, theres no difference between if c2s or s2s is encrypted or not. > The user has no control over this and has no way to enforce it. > > It may help to obfuscate his communications a bit. But as soon as an attacker > is able to do statistics or capture traffic at any point of the communication > he is lost. > > > rm
I would appreciate a how-to that shows the implementation of WebID (W3C) that is enforcing along the message path. While my perspective is from the client, like having a set of preferences along the many s2s paths, I'm sure there is a server side perspective that is more implementable. Path quality is an important issue. The point is to have encrypted transport that does not inherit the weaknesses of depending on a CA. just some thoughts - much thx - Ed
