On Wed, Sep 7, 2022 at 4:07 PM S Moonesamy <sm+ietf@xxxxxxxxxxxx> wrote:
Hello,
At 10:06 AM 07-09-2022, Robert Sparks wrote:
>After a series of trials used to gather feedback from the community,
>the IETF has switched from Jabber to Zulip as its chat service.
I assumed that XMPP was in wide use in the IETF community and still
in use on the internet. I gather that is not the case given that RFC
6120 is following a path similar to RFC 959 [1]. It is high time to
consider what to do with "standards" which no longer have community support.
A standard is something that has established a user community. For whatever reason, Jabber has failed to do that and not for lack of trying.
I have only ever used Jabber at IETFs and on multiple occasions, I have arrived at an IETF to discover that my Jabber application has simply stopped working. I have had accounts at three separate identity providers fail because the provider shut down.
Unfortunately, Adium is simply not fit for purpose. If you happen to have chosen one of the identity providers that has shut down, you will be left in a state where it won't work and will not tell you why. There may be better options but after spending the first 45 minutes of multiple IETFs trying to get a working jabber config,
Tools of the 'it works for me' variety are not fit for purpose even if they do have a glossy GUI.
There are many mistakes made in standards work but one of the most common is to keep flogging a dead horse. While there is certainly a possibility that XMPP will somehow manage to Travolta and sweep away the proprietary messaging systems we are stuck with, that is far from being a likely outcome.
The IETF recognizing that Jabber has failed to succeed is a positive step in my view because it clears the way for an approach that has a better chance of success.
My goal here is to establish an open infrastructure for messaging that has end-to-end security built in. If I thought Jabber was a viable vehicle for achieving that, I would have designed my system around Jabber. As things stand, there is no messaging solution that is designed as an open infrastructure. Signal has an open standard but it is not an open service, it is a walled garden.
What I want to build is something that meets this set of criteria:
If people are interested in building an open infrastructure for messaging that has PQC end to end security built in from the start, lets talk in London.
I am putting together a prototype (Quark). I can't guarantee to have the voice and video running by then but I think WebRTC has solved that part for me already.
My basic premise here is that WebRTC has already done all of the hard work to build what I need. All it lacks is the PKI and presence components. And I have spent the last 30 years building a series of PKIs and I now have a TKI.
