Off-topic. Every time I hear about XMPP I remember signal's moxie bashing it.
What is currently the mainstream opinion regarding XMPP and good security: is it possible? Is moxie an outlier in saying that it's not possible, or is that the mainstream opinion too?
When Moxie wrote that blog post[1] he was only speaking on behalf of his business interests. Signal is a proof-of-concept application that Open Whisper Systems uses to show off and sell their technology to other chat companies like how they have been doing with WhatsApp[2], Google[3] and Microsoft[4].
He was not really speaking for what was best for the community, you can read the blog post as marketing material.
> Signal is a proof-of-concept application that Open Whisper Systems uses to show off and sell their technology to other chat companies like how they have been doing with WhatsApp[2], Google[3] and Microsoft[4].
This is a very uncharitable interpretation. Signal is arguably more secure than the competitors you mentioned, not just a "proof-of-concept".
> He was not really speaking for what was best for the community, you can read the blog post as marketing material.
In the blog post Moxie mentioned usability concerns due to federation, which directly affect users.
Why? The blog post was before Matrix.org even had encryption. The Signal project has limited resources, which it focused on the Signal protocol. Matrix builds on this work and invests in federation.
What is currently the mainstream opinion regarding XMPP and good security: is it possible? Is moxie an outlier in saying that it's not possible, or is that the mainstream opinion too?