> URL: https://xmpp.org/extensions/inbox/xep-sce.html
I think this is an important step in the right direction. Thanks for putting the work into it. I don’t have any blocking issues myself, either, I think, but there are a few points I’d like to note.

1. As Dave noted, this document could use a lot of clarification on the definition side of things. This seems particularly important for a security protocol where lax definitions where people have to guess what’s up can lead to security issues.

2. The document mentions encryption of IQ stanzas. It would be great to have an example of that, especially since the existing encryption schemes do not take IQs into account at all.

3. The only example in the Use Cases section is a negative example; I’m not sure this is great from an overview perspective. I think this is, if at all, more suited for the Motivation section, and the Use Cases section should show an encrypted message with the corresponding <content/>, similar to what other XEPs do, describing the workflow of encrypting and decrypting data.

4. The XEP introduces some concepts to prevent certain types of attacks, but does not mention those (attacks) in the Security Considerations.

5. It does not discuss why existing options like xmlsec have not been used.

As mentioned, these aren’t blockers for Experimental for me. I find (1) and (5) particularly important before advancement to Draft though.

kind regards,
Jonas

P.S.: My GPG key was recently renewed. If you have problems verifying the signature of this message, try to refresh my key from the keyservers.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
