Interview: Peter Saint-Andre

Mister Peter Saint-Andre is the Executive Director of the Jabber Software Foundation (JSF) and will talk about the security features built into Jabber; he will introduce the Intermediate Certification Authority that issues issue free digital certificates for Jabber servers, and will discuss end-to-end encryption for complete privacy of instant messaging.

What do you hope to accomplish by giving this talk? What do you expect?

I hope to "get the word out" about why Jabber is the secure choice for real-time communications.

Could you describe your role in the Jabber (or XMPP) community?

My official title is Executive Director of the Jabber Software Foundation, but I call myself the "anarchitect". :-) I guess I'm the "leader" of the Jabber/XMPP community, but we have an extremely decentralized community of projects and companies. We come together to agree on protocols but each team goes its own way regarding specific features. I do a lot of work on our protocols (I wrote the XMPP RFCs and most of the XMPP extensions), a lot of my job involves connecting developers who are working on similar things.

Would you call yourself a "power user"?

Sure. I have over 1300 people in my Jabber contact list so I chat all day long.

Do you have any idea how big the commercial XMPP community is?

Every day I hear about more companies who are using XMPP to build real-time functionality into their projects and internal projects (not just person-to-person, but also application-to-application systems). Unfortunately, many companies consider XMPP to be a kind of "secret sauce" that gives them competitive advantage over other companies, so they don't like to talk about what they're doing in public.

What is the difference between Jabber and XMPP (if any)? Do they have different communities?

There's no difference. We use "Jabber" to refer to the general set of technologies and "XMPP" to refer to the Extensible Messaging Protocol, which is the IETF's formalization of the core Jabber protocols (the IETF likes four-letter acronyms for protocols!). You can think of it as "Jabber is to XMPP at the Web is to HTTP". Since the Jabber Software Foundation in fact works on protocol extensions to XMPP rather than software, we're about to change the name of the organization to the XMPP Standards Foundation. But our focus remains the same: building open technologies for real-time communication.

There have been some proposals to use XMPP as the basis for an SMTP (i.e., e-mail) replacement. Do you see this as a viable option?

It is an interesting idea as a research project, but I don't know if it's viable. I'm a big proponent of XMPP, but I don't think we need to use XMPP for everything and I see no compelling reason to replace HTTP or SMTP with XMPP. The most compelling idea would be to use the strong server-to-server security model inherent in XMPP for inter-domain email delivery. That would be hidden from end users but might help overcome some of the problems we have with spam over email.