NPR : E-Mail Encryption Rare in Everyday Use

Peter Saint-Andre stpeter at
Wed Mar 8 15:55:16 EST 2006

Victor Duchovni wrote:
> On Wed, Mar 08, 2006 at 12:53:16PM -0700, Peter Saint-Andre wrote:
>>> These are closed systems that compete with each other, once
>>> they become federated, they can no longer compete on end-to-end
>>> security, because that is a property of the interoperability
>>> framework, not the individual product. Also with millions
>>> of account issuers, the abuse and identity problems become
>>> just as bad as for email. The problem is intrinsic, is not
>>> the result of lazy RFC writers.
>> Well, in the Jabber/XMPP world we require authentication, servers must
>> stamp the from addresses, and we use (at a minimum) reverse DNS lookups
>> to verify server identities (or use certs with TLS + SASL-EXTERNAL if
>> you want true server-to-server authentication). So I'd say the abuse and
>> identity problems are not as bad in IM (at least the IM technology I'm
>> familiar with) as in email. But you'd hope that we've learned a thing or
>> two since email was invented. ;-)
> What is the value of such "authentication"? Which organizations will you
> trust? For example, most mail that passes SPF is spam... Authentication
> by the issuing organization is only useful, if you can keep bad issuers
> of the net... If federated Jabber becomes universal, the bad guys cannot
> be excised from the network. The botnets cannot be excised from the network,
> ...
> The problem is technology neutral. Loosely along the lines of Goedel's
> incompleteness theorem, any universally deployed federated communications
> medium will exhibit spam.

I never made the strong claim that the federated Jabber network is or
always will remain spam free, only the weaker claim that its abuse and
identity problems are and will remain less serious than those of the
federated email network as it exists today. There is no magic bullet,
and a spam-free utopia is not an option if federated communications are
desired. I do not dispute that if Jabber becomes popular enough, there
will be rogue servers that don't enforce local authentication (although
with server dialback and TLS they can't fake from addresses at other
domains, see RFC 3920), and that those who deploy Jabber services will
need to blacklist those domains. I do not dispute that there will be
spam bots and that server admins or end users will need to block
communication with those bots (e.g., using the privacy list protocol
defined in RFC 3921). I do not dispute that there will be phishing
attacks (e.g., using internationalized addresses that look like but are
not identical to familiar addresses) and that client software will need
to take appropriate measures to differentiate between legitimate and
mimicked addresses (e.g., using petname systems as described in
JEP-0165). All I'm saying is that we have a lot of the infrastructure in
place (and are building more) to make abuse harder and identity stronger
than it is on the existing email network. Is Jabber perfect? No. We're
just trying to make it good enough that the bad guys will go elsewhere
(which, so far, they have).


Peter Saint-Andre
Jabber Software Foundation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the cryptography mailing list