On 9/3/17 12:29 AM, Evgeny Khramtsov wrote: > Sat, 2 Sep 2017 19:56:44 -0600 > Peter Saint-Andre <[email protected]> wrote: > >> Back when we pushed for encryption of server-to-server traffic, the >> spam problem did not exist. > > SPIM existed in Russian segment of jabber a long before it,
True. > so for me, > nothing has been changed in recent years. > >> I see no reason why we can't solve both problems... > > Well, if we only tried. Instead, in standards@ list I see: jingle > encrypted transport, some hash function discussion, jingle > unsupported-security, ciphers XEP, retracting public keys and this is > only in the last 2 months. According to the list, we have severe > security problems, where a lot of users lose their passwords, their > sessions are MITM'ed and hijacked, but we have absolutely no problems > with SPIM. > I don't disagree with you! I'm just saying don't blame server-to-server encryption (which was easy) for the lack of focus on solving the spam problem. Look, programmers love to think about technology. What's more exciting than thinking about crypto? Wow, that's fun! In the meantime, the real needs of users are ignored. It seems that the Jabber/XMPP community has been too tech-focused and insufficiently user-focused for quite a while. We server operators are often closer to the users than the programmers are, so we are well-placed to push this forward. Peter
signature.asc
Description: OpenPGP digital signature
