[jadmin] STARTTLS on s2s links
stpeter at jabber.org
Mon Oct 24 12:36:21 CDT 2005
Matthias Wimmer wrote:
> Out of curiosity I started to log on amessage which s2s connections are
> established using the STARTTLS stream feature and are therefore
> encrypted. The result of about 20 hours is that there are at least the
> following servers on the public Jabber network, that support STARTTLS on
> s2s links:
> Nice to see more servers than I expected, but still far too few servers
> support encryption on server to server links.
There are probably several reasons:
1. Not all server implementations support TLS + SASL External for s2s
(or deployments haven't been upgraded yet to recent software versions
that support these features).
2. Many server admins care about security but don't understand use of
certificates with XMPP (e.g., no good HOWTOs) so they just do without.
3. Many server admins don't care about security enough to complain about
(1) and overcome (2).
Also, I wonder: are these servers presenting self-signed certificates?
Are admins waiting for certification authorities to provide the proper
XMPP data in certificates before they deploy TLS+SASL for s2s? Should we
push harder on our friends at http://www.cacert.org/ for XMPP support in
Jabber Software Foundation