Am 25.11.2008 um 14:41 schrieb Dave Cridland:
If Gajim, for example, negotiates and end-to-end XML stream (XEP-0246), and then negotiates TLS on top of that (RFC 3920), then that's most of the heavyweight aspects actually deployed - hardly nothing. Jingle itself is also well deployed.
Jingle still isn't in Gajim, it's a branch.That's one of the things I criticized most about C2C TLS: The need for Jingle as a transport. It would be far better to have another transport that works in-band and is easy to implement, IMO. If we could drop the dependency to Jingle and have something like SAS, I'd have no problem with it at all :). (Well, key generation sucks, but it's only at the first start of the client, anyway, so that advantage of ESessions isn't too big.)
The bit that's missing is the XEP-0247 negotiation, basically.
Hmm, that makes me wonder why no client has implemented it yet.
No, lots has changed in the past six months - that timeframe includes the publication of the XEPs you appear not to have noticed.
Ok, point taken, they have been released as XEPs, but honestly: Did that change anything to the current situation? I don't think so.
Everything appears dead before it's used, so this is just fear mongering. ESessions, too, was dead. Still is, arguably, since only the one implementation exists, and there's no sign of another on the way.
Well, there are no other implementations anyway because all devs of other clients refused. Brandan Taylor offered to port his implementation to C and make it a library, which would make it easy to integreate it into other clients. Maybe even easier than C2C TLS.
No, I've clearly stated that we have a heck of a lot more, in some respects, in XTLS than ESessions, most especially in the foundation cryptographic layers.
One working ESessions client vs. no client at all that has a complete C2C negotiation, that is.
-- Jonathan
PGP.sig
Description: This is a digitally signed message part
