[JDEV] Re: XMPP implementation questions

David Banes dbanes at ozemail.com.au
Wed Jul 30 04:19:29 CDT 2003 

I'll be implementing the OpenPGP JEP in our new client as it's easy'ish 
to do. But I will need to make some changes to handle real time 
symmetric key exchange as using assymmetric for encryption is just not 
viable. therefore I'll have to a) except my client won't do OpenPGP with 
any other client, or b) work out how to update the existing JEP, which 
is probably not a good idea, or is it?

Basically, I'm mirroring the functionality I have already tested and 
know works in our older (non-Jabber) client until I can see a clear way 
ahead. this gives us end to end crypto, including digital signatures.

David.

In <20030728230354.GG19125 at jabber.org> Peter Saint-Andre  wrote:
> At the recent IETF meeting, I was asked to follow up with the Jabber
> developer community about obstacles (or resistance) to implementing
> certain aspects of the XMPP specs (<http://www.jabber.org/ietf/>). The
> IETF folks perceive the presence of an active developer community as a
> Good Thing [tm], so I think they are interested in how likely it is 
> that the current developer community will implement the specs as 
> written.
>
> The main topics mentioned to me relate to security, specifically SASL
> for authentication, TLS for channel encryption, and CPIM + S/MIME for
> end-to-end encryption. Do people think they will be able to integrate
> existing libraries for these protocols into their applications (or 
> write their own support, as Rob Norris recently did for SASL in 
> jabberd2)? How likely is it that existing clients will implement draft-
> ietf-xmpp-e2e, which uses CPIM and S/MIME for end-to-end encryption?
>
> From discussions so far, my sense is that SASL and TLS support will be 
> added once it's in the jabberd server, but that client developers are
> fairly resistant to adding support for the end-to-end encryption spec
> given the need to parse CPIM formats (no existing libraries as far as 
> I know) and support S/MIME (for which there are libraries, although 
> the use of S/MIME is not very "Jabberish").
>
> Feel free to reply on or off list.
> 
> Thanks!
> 
> Peter
> 
> P.S. Yes, I owe the community an informational document that clearly
>      defines the differences between XMPP and Jabber for things like 
>      authentication and session initiation. I will write that document
>      by the middle of August.
>

More information about the JDev mailing list