Introduction

Greetings! I just joined this list so I thought I would say hello.

Since 1999 I've been working on an XML messaging technology called XMPP
(a.k.a. Jabber), mainly as author of RFCs 3920-3923 and dozens of XMPP
extensions. Recently the XMPP community has refocused on end-to-end security
because RFC 3923 (S/MIME signing and encryption using CPIM/PIDF payloads)
has turned out to be a non-starter for XMPP developers. At this point we are
casting about for workable signing and encryption solutions. Because XMPP is
at the core a technology for streaming XML in one-to-one "sessions" between
any two endpoints, we are currently working on an application profile of
Transport Layer Security to provide end-to-end encryption. However, that
does not give us the ability to sign messages (such as the messages used to
set up the end-to-end sessions). We might be especially interested in
signing of one-to-many messages (such as data notifications sent using the
XMPP publish-subscribe extension, for example things like weather alerts).
Therefore I have decided to take a second look at xmldsig. The sticking
point in the past has been c14n, but perhaps I can provide some input from
the XMPP developer community regarding that topic and other issues related
to xmldsig 1.1 and 2.0.

I'm extremely busy running the XMPP Standards Foundation (xmpp.org) and
contributing heavily to the renewed XMPP WG that may be started soon at the
IETF, but I will soon make time to provide a thorough review of the working
drafts published ~10 days ago.

Thanks,

Peter

Received on Tuesday, 10 March 2009 09:19:10 UTC