On Thursday 08 November 2007 3:34 pm, Peter Saint-Andre wrote: > In general, we decided (again?) that only ESessions and XTLS really make > sense to pursue further (i.e., not OpenPGP, S/MIME, OTR, or xmlenc).
To explain: - At the meeting, Perfect Forward Secrecy (PFS) was decided to be a requirement (maybe this same decision was made in the past, but this was the first meeting I was involved in to witness it). This decision essentially rules out public-key based object encryption (OpenPGP, S/MIME). Note that this does not necessarily rule out using those formats for signing or trust bootstrapping. - OTR basically offers the same security features as Esessions. Both are not proven, but Esessions fits XMPP better. - xmlenc symmetric encryption could have been considered as a building block for Esessions, but I assume this was already decided against. This leaves only Esessions and XTLS to be analyzed further. Esessions claims to do everything we want. However, it is not proven. Last time we invited security folks to inspect Esessions, we were immediately told to give up and just use S/MIME. We don't want to use S/MIME, because it doesn't support PFS. However, we also don't want to give the finger to the security community. That leaves us with one choice really: look for a similarly proven protocol that meets our requirements. The closest match seems to be TLS (hence, XTLS). -Justin
