I Am Not A Member of the Security Mafia. However, I know that the Jabber community can do more to address security issues. One step in the right direction would be to define a Jabber threat model, similar to (but more detailed than) this browser threat model, which hopefully would also result in a Jabber security model down the road. Will Kamishlian and I have authored a proposal to form a Jabber Interest Group devoted to security so that we can define the threat and security models in an open forum. Now that more and more people are using Jabber, it's time for us to really investigate, define, and improve the security profile of the underlying protocols and technologies. A number of people have told me that they want to contribute to this effort, and some of them even know a thing or two about security. For those who don't, there is always time to learn. Two good blogs on the topic are Financial Cryptography (see this post) and Educated Guesswork (see this post on the same topic).

Peter Saint-Andre > Journal