Pete Rowley

Like to chat online? Of course you do. Like third parties snooping in on your conversations? Of course you don’t. Unfortunately that is the reality today, there is no lack of IM sniffers out there and that makes your conversations vulnerable to capture even to the unsophisticated. Beyond employers spying on employees, any sensitive company information you might divulge could be going right into the ears of your competitors.

There is good news though, Bob Lord has written about secure AIM that his team added to the AIM client 5 years ago using open standards. Apparently people who write books about this sort of thing have never noticed the security tab in the AIM configuration so they don’t write about it. That’s a bit of a shame given that secure AIM uses certificate based chat encryption and signing. In other words you know who you are talking to, and you know you are only talking to that person. He even offers to help the gaim team if they want a compatible implementation. I do note that there are some crypto plugins for gaim but there is an obvious advantage to supporting the same scheme as AIM and an open standard intended for the purpose at the same time.

John Merrells makes the point that DIX is an “ethernet” for identity protocols. I would say it is akin to TCP/IP, but I agree. In its initial incarnation it attempts to solve no more than is required for exchange of identity information. It is a layer of the solution that enables the higher layers.
There are good reasons to follow the network stack model of layering functionality - we are having these high level conversations about identity because the underlying supporting infrastructure was created in layers. Those layers became commoditized at different times allowing more and more innovation to occur at the higher layers. Trying to solve the whole identity problem for the whole internet in one giant step is never going to happen - it would be like inventing “the web” as we know it today in one fell swoop.

Johannes Ernst showed a picture at the IIW that supports that argument nicely.

Dick Hardt reports there has been an IETF Flooding. Nasty business, a three foot moat appears around the hotel where we happen to be. Trapped and unable to get to my hotel, I was left to lament my fortune of being confined with only a cocktail bar, a 5 star restauraunt, and a gaggle of corporate card wielding socially handicapped geeks. It was a trying experience I can tell you. Mustn’t grumble.

I wish I could report that this evening will fair better, but sadly I shall be required to have dinner with the DIX BOF prior to a last minute LDAP BOF to be held in the bar.

When will it end.