Hypothetical Use Case: A bunch of agents and I want to use a XMPP platform hosted by the cartel to raid the cartel and even if they suspect we are agents and even if they backdoor eJabber's own E2EE it would be literally impossible for them to decode the messages as we shared our OTR keys ahead of time on a private LAN or a USB or a stack of QR codes or some punch cards or ribbon tape strapped to carrier pidgins and have our own E2EE on top of their pseudo E2EE.
Dictionary: I created the term pseudo E2EE for any of the big centralized platforms that claim to use E2EE and use some client encryption magical incantations from code maintained by said platform. This is not real E2EE regardless of what magical explanation anyone gives.
From the XMPP perspective though, I want to clarify that ejabberd does not have "its own E2EE" and the E2EE that is used in modern XMPP apps (OMEMO) is client-managed and allows you to verify keys using e.g. a QR code.
OTR's limitations are quite significant (lack of file sharing, group chats, offline messages, to name a few). I don't think that helps E2EE adoption. Unless someone picks up the OTRv4 work, but even that had excluded some of those items from its scope IIRC.
Absolutely fair points. I suppose a part of me was hoping that if it were adopted then work would continue on it with a new set of eyes looking into the limitations.
Faster, for sure, but grep on logs it's easier.
