Re: [xmpp] End-to-End Encryption Milestone

Bjoern Hoehrmann <> Fri, 21 February 2014 20:40 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E2A291A025F for <>; Fri, 21 Feb 2014 12:40:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SNt4FwqaYcmS for <>; Fri, 21 Feb 2014 12:40:43 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 50A231A0253 for <>; Fri, 21 Feb 2014 12:40:43 -0800 (PST)
Received: from netb ([]) by (mrgmx101) with ESMTPSA (Nemesis) id 0M4jbN-1XCsVl3VpV-00z2FR for <>; Fri, 21 Feb 2014 21:40:37 +0100
From: Bjoern Hoehrmann <>
To: Ben Campbell <>
Date: Fri, 21 Feb 2014 21:40:44 +0100
Message-ID: <>
References: <>
In-Reply-To: <>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:aMLe9Oe+cEz0PLOsII44nReOv1rMPHCn/pSnqRBDAvUUX3Bgjmw ctnQNN2vKUsX+/ejHhOVMbcVSWloURl2hN2fZOMKVNg2Xf/ErBlV5L4S/HIE907vV7493cF hr4O0Hz1igZOLELzE2MKkAlEzYjGnRsPSvB6fvzdIzm356tOMa1THNrKpgyYP9PLp0GaAe5 jaL/wS6y0qO+aBHvZI1GA==
Cc: XMPP Working Group <>
Subject: Re: [xmpp] End-to-End Encryption Milestone
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 21 Feb 2014 20:40:46 -0000

* Ben Campbell wrote:
>The XMPP working group has a milestone for "Define a solution for 
>end-to-end encryption." We have not seen much activity there of late, 
>and it has been suggested that we may need to delete that milestone due 
>to insufficient interest and energy.
>Who is still interested in contributing effort to complete this 
>milestone? That is, in discussion, review, and perhaps even writing 
>Who expects to implement and/or deploy such a solution, once we have one?
>Are other approaches (e.g. OTR, TLS everywhere, etc) likely to be "good 
>enough" that we don't need to do more work?

I intend to review mature specification proposals, and would probably
participate in requirements discussions if needed. It is possilbe that
existing solutions are "good enough" but there are obvious deployment
issues; it might be useful or even sufficient to produce an overview
specification possibly with recommendations. I think it would be use-
ful to send your questions to the `perpass` mailing list, there might
be volunteers there.
Björn Höhrmann · ·
Am Badedeich 7 · Telefon: +49(0)160/4415681 ·
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 ·