[jdev] manifesto 0.4
Matt Miller
linuxwolf at outer-planes.net
Thu Nov 7 16:53:38 UTC 2013
On Nov 7, 2013, at 7:20 AM, Alexander Holler <holler at ahsoftware.de> wrote:
> Am 07.11.2013 15:54, schrieb Alexander Holler:
>> Am 07.11.2013 14:44, schrieb Andreas Kuckartz:
>>> Alexander Holler:
>>>> I didn't speak about production environments. The manifesto affects all
>>>> users and a lot of them don't (have to) care about production
>>>> environments.
>>>>
>>>> E.g. my server only has to serve my needs and nobody else ones. So I can
>>>> make a lot of compromises up to the fact, that I don't care if the NSA
>>>> or GHCQ would be dumb enough to snoop on my communications which happens
>>>> over my XMPP server (which isn't that much).
>>>>
>>>> But I care if my server wouldn't be able to communicate with other
>>>> servers because they require e.g. TLSv1.2.
>>>
>>> If a non-production server is communicating with a production server the
>>> combination is a production system. In such cases the production server
>>> must enforce the requirements in the interest of the users of the
>>> production server.
>>
>> So you want to enforce military grade encryption for all users of XMPP?
>>
>> It's like the wish to make all the telephone systems to use high
>> encryption.
>>
>> Good luck with that. In my humble opinion thats just a way to get rid of
>> users and therefor a nice but silly dream.
>
> I think a realistic solution is to show users the state of their communication and therefor make the aware of the fact if e.g. a message is believed to have traveled secure or unsecure ways.
>
> That's already mentioned in the manifesto and I like that a lot.
>
> A possible solution could be to add an attribute to messages (or all stanzas) which details the used communication way and the used encryptions to transport that message/stanza. I don't know if such was already written down in an XEP, but I would like that a lot.
>
That has came up in some side discussions at the IETF meeting in Vancouver. XEP-0334, while specifically for <message/> stanzas today, might be able to provide such a flag (e.g., <require-tls/> or some such).
- m&m
Matthew A. Miller
< http://goo.gl/LK55L >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://www.jabber.org/jdev/attachments/20131107/d038c215/attachment.pgp>
More information about the JDev
mailing list