On Thu, Nov 28, 2013 at 10:16:00AM +0100, Andreas Kuckartz wrote: > If it turns out that not even the rather limited requirements regarding > encryption which are stated in the manifesto will be satisfied by a > significant subset of XMPP servers then it well seal the fate of XMPP as > far as I am concerned.
How is XMPP any different then SMTP in this manner? Lack of mandatory S2S encrypted links hasn't made it any less viable. (And before you bring it up, mandatory S2S crypto won't solve the spam problem either, judging by the amount of email spam I get that was submitted via authenticated SMTP..) Oh, to go back to your comment, how do you consider the manifesto's encryption requirements to be "limited"? Even if we eventually put aside the hard requirement for encrypyed S2S links, it's still a vast improvement over the former status quo. There are three major problems holding up the achievement of the manifesto's goals. The first is purely technical; server software has to be updated to automatically (and transparently) use approrpriate crypto if possible. This is actually the easiest part, and it's not ready yet (at least in the case of jabberd2..) The second is that every XMPP service operator is required to pay for a third-party for a TLS certificate. This isn't a large cost in absolute terms, but does raise the bar for entry, and represents an ongoing cost. (Anectdotally, most smaller operators, myself included, were using self-signed certs to enable secure C2S credential exhange.) The third is one of apathy, specifically when it comes to the established players that are more than likely using proprietary server software. They have to be convinced that the they (and/or their users) benefit enough to make the cost worthwhile. > And if the future of XMPP depends on Google Talk then XMPP is doomed anyway. Without Google, XMPP (S2S) simply doesn't have enough of a mass userbase to be viable, IMO. The mass markey simply doesn't care about technical "quality". (Witness every mobile-messaging-app-du-jour overnight ending up with more users than non-google S2S-enabled XMPP..) What makes that particularly sad is that XMPP (C2S) is more popular than ever... It's just that the major operators (eg Facebook) use XMPP C2S as the interface to a proprietary walled-garden IM system that they have no intentions of opening up. Put another way -- XMPP is not failing (nor will it fail) due to technical deficiencies. The problem is purely political/economic in nature. The big players consider interoperability a liability rather than a strength, which is an understandable, if highly disappointing attitude. Sigh. - Solomon -- Solomon Peachy pizza at shaftnet dot org Delray Beach, FL ^^ (email/xmpp) ^^ Quidquid latine dictum sit, altum viditur.
pgpXalviq_Jqa.pgp
Description: PGP signature
