It looks like e2e is finally getting attention, so I might as well throw in my musings/requirements:
- Always on: I was poking around Groove Network's site just now and in one of their screenshots it mentions that encryption is always on. Should this be the same in the Jabber world?
- Extensibility: Current and future JEPs such as MUC, pubsub, file transfer, voice, video, etc. should be able to use the same infrastructure that e2e would provide. We don't want to have secure messaging and find out one of our secrets slipped into the hands of some evil doer because file transfer or pubsub was not encrypted. All of this would most likely be done in a series of JEPs.
- Offline Messaging: Despite PSA, I don't think I could live without offline messages. I'm sure some people in my roster would wish I couldn't send them, they would none the less be a feature that should not be neglected by e2e. It would only give me an excuse to use email...
- Keys for the Aunt: Could we not generate a key when she creates her account, unbeknownst to her? It might not be trusted, but she'll have one. Transfering it to another machine might be another matter (let cousin Billy show her that trick using the client's remote controls?). A Tillyfied key management system/WoT would be needed, but that's another problem.
- Logins: I want to authenticate to my server with my key. This would rule out PGP keys, but it's one less password that I have to store in MyPasswordSafe, and would be nice with a security token that I just plugin and get logged in.
There's my input. I just hope we can implement this before Congress knows what we just did.