|
|
|
|
|
|
by infosechandbook
1616 days ago
|
|
|
> Have you read the joinjabber.org security FAQ i linked? Not in detail as the OP linked to another article. We commented on OP's other article, not on your joinjabber.org security FAQ. > we were tired of FUD spread by articles like yours Where is the FUD? Your security FAQ mentions most, if not all, of our findings in the same or similar way. > Reality is more complex than a binary "is it secure?" Indeed. Unfortunately, the vast majority of people assume security is binary. Back to OP's article where they look at some isolated properties to then declare a protocol secure. |
|
|
Yes, but there is no fearmongering involved. I'm part of the people who appreciated your article for the technical arguments, but i strongly dislike the fearmongering vibe (unless we do the same with every other protocol which could be fun). I actually started to write that FAQ precisely because i was tired of the script kiddies on both sides claiming XMPP is either the best or the worst and this or that solution is so perfect.
> Back to OP's article where they look at some isolated properties to then declare a protocol secure.
Yes, that's a problem. Let's try to promote more informative resources. We joinjabber.org people appreciate all feedback and criticism to turn into docs. You're always welcome by xmpp:privacy@joinjabber.org?join chatroom if you have more info and/or would like to run more experiments in regards to privacy and security in the XMPP ecosystem.