I think we should go ahead by steps on this. I will shortly begin implementing a CPIM-based XEP-0027 [1] to at least avoid replay attacks and some other security issues. We could begin by defining a XEP for that and then move on to e2e encryption which is much more complex. Just my two cents anyway.
[1] http://xmpp.org/extensions/xep-0027.html On Mon, Nov 18, 2013 at 11:21 AM, Simon Tennant <[email protected]> wrote: > IMHO, e2e security would probably make more sense as a XEP and working group > that has the time to zoom into all the implementation details. > > S. > > > On 18 November 2013 10:30, Andreas Kuckartz <[email protected]> wrote: >> >> Peter Saint-Andre some time ago wrote: >> > On 7/16/13 4:27 AM, Carlo v. Loesch wrote: >> >> Since XMPP isn't suitable for keeping meta-data private I would >> >> presume that e2e privacy is out of scope for this mailing list, >> >> really. >> > >> > True. >> >> Where would the topic e2e privacy for XMPP be "in scope" ? >> >> Cheers, >> Andreas > > > > > -- > Simon Tennant | buddycloud.com | +49 17 8545 0880 | office hours: > goo.gl/tQgxP -- Daniele
