-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Seeing no deep objections, I'll bring this up at the next XMPP Council meeting on March 20.
On 3/6/13 2:15 AM, Winfried Tilanus wrote: > On 03/05/2013 06:07 PM, Mike Taylor wrote: > > +1 > >> On 03/05/2013 12:04 PM, Peter Saint-Andre wrote: >>> I would like to suggest that we change XEP-0027 from Active to >>> Deprecated (and then Obsolete). The technology is no longer in >>> wide use, and it has so many problems that I don't think we >>> want to actively suggest that people implement it. > > >> +1 for being proactive at clearing out older (and unwise) info > > >>> Peter > > >>> -------- Original Message -------- Subject: Re: [cryptography] >>> Is it just me or is this fundamentally broken? Date: Mon, 04 >>> Mar 2013 18:24:46 -0700 From: Peter Saint-Andre >>> <[email protected]> To: Peter Gutmann >>> <[email protected]> CC: [email protected] > >>> On 3/4/13 4:42 PM, Peter Gutmann wrote: >>>> Quoting http://xmpp.org/extensions/xep-0027.html#signing: > >>>> Signing enables a sender to verify that they sent a certain >>>> block of text. [...] The text that is signed MAY be the >>>> empty string. > >>>> (There's no metadata or anything there, just a raw >>>> signature). > >>> No one uses XEP-0027 these days, they all use OTR. The PGP >>> integration with XMPP clients was an early experiment in the >>> Jabber community before we even called it XMPP. Think 13+ >>> years ago. But clients never signed empty strings, although we >>> never fixed the spec because no one was using the technology. >>> I'll push to make the spec Obsolete. > >>> Peter -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRN/4lAAoJEOoGpJErxa2pW/YP/jXGrKsGTwycbkrt5h3D/AUd bxf4vJ1dLoceSjP0VwrQ4t3K9G8zRYTdH/qtSbhiY/A90dICgbOs1emsyxqEP5Sg Vdl71WcXp5W45egzB1TCoTsL3k+1uv3wSh2N6RkK3edH6TRUZAg5iSCOE+5hXlgm BCn1YQ1b8zS61JzjPwRvCPh/xWHAdYh3EHU6w53qUPz12LyD9wbYLyKwwT+NFw8M Zh4SkmLTl7Q8Fb99V+w3fAzLGs6EmcVPFsolJlE14M2Pnk73cohyreo4DKrOeFlO iykGnxD4xneue5KtsQt3rT52XGcq5LPBo2ZLMA/ZyGVWvbh2AouSWih8whb09xPk fBG0NmAvvtkJtQ9/c6FxejPVFWlvn0KYtAd2Qg3+sU0UDInUXZMWTAat60dXc0RV 7SdLgV8Rs1UkTF/Oxjdtvqtf01/3CM+M2QXywlb1jpxU1yDq4MgHtfIZ9Y7vuU/4 QWVt3vAY4HWsROIK2eDBxhF7L6/vhg4h+XF+wGhsEwLcbeOf36eE/oDHVkZLIPcO u7OP16fDB930CDcEum0acXxoP8CWWd52UYWGdPhe5X/kTYiiRMWrbRBNJnw51Ezf Gnx9asJMfJ73YJ4XIjUxA5HsjHQxl+zO8yVbBl5rQtjK7mR19uLSjvrocCX7/fTz yHG9OxE4ntou4C0MRJyk =EvKJ -----END PGP SIGNATURE-----
