Peter Saint-Andre - &yet <peter <at> andyet.net>
2015-02-13 17:49:58 GMT
We're close to finishing all of our deliverables (6122bis, POSH, DNA)
other than end-to-end encryption ("e2e") - IMHO they can all be sent to
the IESG by, say, the end of April.
I know we plan to talk about e2e at IETF 92 in Dallas at the end of
March, but I figured it would be good to start a list thread before then.
To be blunt, we (narrowly the XMPP WG but more widely and importantly
the XMPP community) have failed to deliver an e2e technology. It's not
for lack of proposals over the years: PGP, S/MIME, XML encryption,
SIGMA, e2e TLS, OTR, and JOSE-based signing and encryption have all
flitted across the stage.
To also be blunt, I don't think we have the right people in the room
here to make significant progress on e2e. I don't think the XSF has had
the right people in the room, either. I am of the opinion that, in order
to move forward, someone - probably the XSF - needs to get all the
relevant client and library developers working together. By which I mean
writing code, experimenting with alternative approaches, meeting in
person for interop testing, hashing out spec details, etc. That will
require funding (which the XSF might be able to raise and provide),
dedicated energy among developers, and a real attempt to push forward
together as a community.
This isn't the place to make an organizing proposal for such an
initiative. Although it is possible that the IETF or the XMPP WG could
work in concert with the XSF or the XMPP developer community on such an
initiative, that has its own challenges. In any case, I don't think the
IETF can really find rough consensus until we have the relevant
developers engaged to write some running code.