[cryptography] Is it just me or is this fundamentally broken?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Mar 5 02:02:46 EST 2013

Peter Saint-Andre <stpeter at stpeter.im> writes:

>No one uses XEP-0027 these days, they all use OTR. The PGP integration with
>XMPP clients was an early experiment in the Jabber community before we even
>called it XMPP. Think 13+ years ago. But clients never signed empty strings,
>although we never fixed the spec because no one was using the technology.
>I'll push to make the spec Obsolete.

It might be a good idea to do this, since the reason I found out about this
part of the spec was because someone complained that they were having problems
signing an empty string.


More information about the cryptography mailing list