On Mon, Jul 07, 2014 at 09:11:24AM +0200, edhelas wrote:
I really think that we need to focus on an existent standard and improve it, and for me XMPP seem to be the perfect protocol for all theses things : - Standard IM + chatroom - Video/Audio conferencing (with Jingle, we are using it with WebRTC on Movim) - Pubsub (for newsfeeds, blogging) - Geolocation - Vcard4 support - SASL2 authentication - OTR support - Full encryption between the servers (https://xmpp.net/list.php) - and so on…
i dunno, but xml based protocol (attack surface), geolocation (privacy), video/audio conferencing (traffic analysis), etc are all attributes i do not want in a secure communication protocol and a protocol that supports these is considered bloated. also the huge amounts of known/guessable plaintext in xmpp are quite worrisome. i agree NIH is bad, but xmpp is as bad for a post-snowden adversary model. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt