this post was submitted on 13 Feb 2024
214 points (97.8% liked)
Technology
59605 readers
4202 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
XMPP by now is no less well-tested.
Average company firewall shouldn't allow 80 and 443 to outside anyway.
Anyway, that could have been a fallback, it's the only way instead.
Doing an IM over TCP I can understand. VoIP signalling over TCP is not serious.
Look at Retroshare. In this particular regard (not its whole model of security, which is seemingly not good, but I'm not a specialist) it does things right, I think.
And which are not in your opinion?
Still not better than XMPP, so factually wrong. =)
By firewall I mean outgoing. And XMPP is kind of a non-starter.
Peer to peer is also a non starter. You have to have some kind of email-like structure.
What’s so good with XMPP?
Less resource-heavy than Matrix, doesn't have the "store everything from your every chat" feature and thus requiring less space, more mature, very easy to set up.
Hm. How’s E2EE?
OMEMO is implemented, at least in major clients. I use it all the time.
Is it true end to end? As in can you verify?
Verify - as in what? The algorithm is open-source. If you're talking about the keys, yes, you can view the keys used in a conversation and check if the fingerprints match.
I got what you meant. Anyway, if it's a company network, then they can, you know, allow something else.
That was in response to you asking how to do things without PKI, so I referred you to Retroshare as an example of using something like web of trust to that end.
P2P is irrelevant here. What does email have to do with this? Do you mean federation as in having servers, as opposed to distributed model? Do you mean identities being tied to servers?
And also why would that be "a non-starter"? Old Skype was P2P, using central servers for authentication only. I think we all agree it worked very well.
If you mean that it's hard - I agree, I love to blabber about P2P solutions, but these are harder.
(Say, since old Skype people got used to downloading their history on a new device, which didn't always work, but that can be solved by supernodes\servers to store and forward encrypted data with that history, a bit like Freenet. Only the person who can design something like that is definitely not me.)
What the other user said, plus having lots of good clients.
In general with XMPP thanks to the extension model (administrative one) good and bad things have already been tried, some discarded, and there's a specific set of XEPs making it a very usable protocol supported by all relevant clients.