On Friday 16 March 2007 8:08 pm, Peter Saint-Andre wrote: > Mridul wrote: > > I always considered 3923 a pretty decent idea since it was practical ... > > Practical, other than the PKI dependency (or can you use self-signed > certificates?) and the CPIM usage (which developers hate, there are no > CPIM parsers) and the MIME stuff (very much not jabberish). As someone > once said, S/MIME is the only known security technology with more > implementations than users. :)
You could use self-signed certificates if you don't want to drag in the PKI. This should be the case with any X.509-based protocol. True, CPIM and MIME aren't very Jabber-ish. We could get rid of those if we wanted to and just use S/MIME alone (which, I wrote a JEP proposal for, if anyone remembers). That said, if there were a simplicity contest, CPIM and MIME would win against most of the other e2e suggestions, so I wouldn't be afraid of having to implement them. :) Unfortunately, S/MIME doesn't provide forward secrecy. For live chat, we can do better. -Justin
