On 15/07/2024 21.51, Tim Henkes wrote:
2. Are encrypted direct client-to-client channels a thing?There is JET [2], but it seems to focus on key negotiation (which I would do differently) […] There's also a XEP called jingle-xtls [3] in the Inbox, but it's even more abandoned than XEP-0247 and also seems to focus mostly on the key negotiation, which again I would do differently.
Could you elaborate on how you would the key negotiation. While it's always interesting to hear the how others would make things different, or maybe their design is based on different assumptions/starting points, I think it's also relevant to this discussion.
In any case, I think most specifications are simply abandoned due the lack of implementation(s). Many probably never ever had a prototype implementation, let alone two interoperable implementations.
Isn't "all we need"™ an encryption/authentication layer over (bidirectional) streams potentially negotiated by Jingle? And for the latter, there is the <security/> element which JET (xep391) / jingle-xtls also uses.
- Florian
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Standards mailing list -- [email protected] To unsubscribe send an email to [email protected]
