-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/05/2013 12:04 PM, Peter Saint-Andre wrote: > I would like to suggest that we change XEP-0027 from Active to > Deprecated (and then Obsolete). The technology is no longer in > wide use, and it has so many problems that I don't think we want > to actively suggest that people implement it. >
+1 for being proactive at clearing out older (and unwise) info > Peter > > > -------- Original Message -------- Subject: Re: [cryptography] Is > it just me or is this fundamentally broken? Date: Mon, 04 Mar 2013 > 18:24:46 -0700 From: Peter Saint-Andre <[email protected]> To: > Peter Gutmann <[email protected]> CC: > [email protected] > > On 3/4/13 4:42 PM, Peter Gutmann wrote: >> Quoting http://xmpp.org/extensions/xep-0027.html#signing: > >> Signing enables a sender to verify that they sent a certain block >> of text. [...] The text that is signed MAY be the empty string. > >> (There's no metadata or anything there, just a raw signature). > > No one uses XEP-0027 these days, they all use OTR. The PGP > integration with XMPP clients was an early experiment in the Jabber > community before we even called it XMPP. Think 13+ years ago. But > clients never signed empty strings, although we never fixed the > spec because no one was using the technology. I'll push to make the > spec Obsolete. > > Peter > > _______________________________________________ cryptography > mailing list [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography > > > - -- bear xmpp agitator; ops curmudgeon; generalist http://bear.im/about http://bear.im/pubkey.txt 0A93 9BA7 8203 FCBC 58A9 E8B5 9D1E 0661 8EE5 B4D8 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRNiY7AAoJEJ0eBmGO5bTYyOYP/2v6Tbtn1exoZjd+dE33T4Bj Qnk4HsNwfGyxJWbts2kHWqCHkfKD7xgUxekcKSz5Joh7LLAeMZXtonndwhiCyI/q /09oMbpozzcSei6nADZHk3ElYypDkzC45ti6UhfoTJdfkESu+7ELyRDjfpOWp2ga aoLo8K6ZFYYnNz56J34V+RggsQssQdA2cJt/lj+GjnJ3VUeI+S0JAC0XTvpdBI9E GqZH2uKSGKWaDztbe75wtKiEVXqxSMpJIIfJ7u+BGXkLr1rf01kxeO25pDHIH3yl dApFWI183dxWHUmjh0iVRkGwolNH3Ry5c+AnL3hyWwVTaRanCnsPRuXOQLoWM8y1 wHdrR6yEwFTA93Xxljr+o1LyBb4hf5Gpm3w7Kn8ZNlc4vA4w2Ou+5F7Upg8VAoYP MqapFKXqT3lNcR79zVXY2NXz1IHqZxwWQNHW/ytAxgJSTzaHihfOhIaImN0IU5/M Ajv36eW/kqXnX/VfOBRBRTr+SVFdD6A1iURL3emCkpzDpgSryJr5F32DGrKloA+x V9O9VbrwIi8xqGJcpiJU9ttxTnHD1j3J4MknT5z6b8O/725QsZCNXSU8rW+YJ2u/ htxBVWh1d248GXG+jkDG2dlP1GZKjjjsEOw3GCjwN/G8Aa/sjcel7rOV0YLxZ8Py c92JTNJcyh+cXkATF5lO =nyK4 -----END PGP SIGNATURE-----
