-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I would like to suggest that we change XEP-0027 from Active to Deprecated (and then Obsolete). The technology is no longer in wide use, and it has so many problems that I don't think we want to actively suggest that people implement it.
Peter - -------- Original Message -------- Subject: Re: [cryptography] Is it just me or is this fundamentally broken? Date: Mon, 04 Mar 2013 18:24:46 -0700 From: Peter Saint-Andre <[email protected]> To: Peter Gutmann <[email protected]> CC: [email protected] On 3/4/13 4:42 PM, Peter Gutmann wrote: > Quoting http://xmpp.org/extensions/xep-0027.html#signing: > > Signing enables a sender to verify that they sent a certain block > of text. [...] The text that is signed MAY be the empty string. > > (There's no metadata or anything there, just a raw signature). No one uses XEP-0027 these days, they all use OTR. The PGP integration with XMPP clients was an early experiment in the Jabber community before we even called it XMPP. Think 13+ years ago. But clients never signed empty strings, although we never fixed the spec because no one was using the technology. I'll push to make the spec Obsolete. Peter _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRNiWjAAoJEOoGpJErxa2pwBIP+wYbcWb84Iu29W7v2Btyr9IK DWyVNW+D3DSj8gj6RWa6Puo/wfGkTcsQLrnjdRbvR2x7rSY/nJ6UNnx8L3hDiM0Y m1euxKXNxwLrRu0rlQjoKQcWM7+zYSzstsgYC1uHywFdd2x7ms6Nw8TUTKU6h/eE VA4g2ogj/m6LyCEuL8dseea73lofltd2tuJ1rDAcjpKKPtYvY4i67Va7tIj2fpg3 d0C+1hMs2+QZ9npfg+v7rA22EPZ2Rm+zWZpXyuVRlbDYZ2VGdkgrOo85FhyGn04G AWxlV9n/CkDOKU9JCHfZwovSz3+jJPcgseChtZ5GhwVEw9RLS/f61wAZvDkraLVF lh1x9qbO28j5IjZNtWxOoPbxhfh2diIWI1IH28yh9M+eftK/h4INuwUfOaGR3Ryt NbgPEcWDvZhoOzk6V9zMOwVn1PkLVM+01V5pnkBRISkPAlTxmENi6WIpvH1xePRw 0xduvwdK3Amvsb93e1FK83Kgm8FKi+va3WvFHpkRNVSg1YAMvO8/CO4Y4wC60Wao aPzuxefxqAJ2tZCUnxQJd/dufOLgl3EMj2J+dl+j9TWE/n8mjyhN6iXGMr5FV9w9 mD7zwurkRW4CmVK7twn54TGdF3QAzAMQ/tQFViTLbdI2qjOl9PbEN4cL4q4M5Fut XXI2PIYmhZG5V3UYfN4s =/8mE -----END PGP SIGNATURE-----
