[jadmin] trusted federation

Peter Saint-Andre stpeter at stpeter.im
Fri Jan 18 09:44:14 CST 2008


Johansson Olle E wrote:
> On 18 Jan 2008, at 02:41, Peter Saint-Andre wrote:
> 
>> Neil Stevens wrote:
>>> Peter Saint-Andre wrote:
>>>> I have posted some thoughts on upgrading the Jabber network to  
>>>> encrypted-only s2s here:
>>>>
>>>> https://stpeter.im/?p=2136
>>>>
>>>> Flames are welcome. :)
>>> The key effect of this would be to fragment the network. It'll be  
>>> just like email, with some people choosing to plug their ears and  
>>> ignore a lot of people.  It seems to me that would be to make xmpp  
>>> a whole lot less useful as a public communications network.
>>> Now if you *want* XMPP to devolve into a set of  
>>> mutually-incommunicative cliques, that's fine, but I don't see the point in  
>>> that.  It'll just drive people toward AIM or something.
>> We heard the same arguments in October 2000 when we started  
>> enforcing dialback.
>>
> One side of me likes enforcing, but on the other hand the practical  
> side of me agrees with Neil, it will lead to fragmentation. Whether  
> that is something you wish for depends on the software changes done in  
> the short perspective. If we're very pro-active in the software side  
> (it's the software that users and admins see) the result will be that  
> the 2009 switch leaves only the spammers in the cold. I think everyone  
> agrees that we actually need that kind of fragmentation.

Heh. Yes, let's fragment out the spammers. :)

We don't have spammers -- and you know we could have spammers even if we 
have trusted federation -- but it might be easier to deal with them if 
we can revoke their certificates.

> If this could be displayed in the client somehow, it would speed up  
> the process. Let's say the client has a visual warning, not too  
> annoying, but still something that worries people - like a red lamp  
> and a text saying something along the lines of "This session is over an  
> insecure line with an untrusted remote server".
> 
> Oh, darn, I just realized while writing this down that it may lead to  
> people moving to more insecure protocols instead, that never ever  
> issues a warning.

Maybe. But I think that if we have something like XEP-0219 then at least 
end users would have knowledge of the end-to-end connection.

> Regardless, I believe there has to be a lot of evangelisation and SSL  
> certificate training in order for this to be a smooth process.

I agree. I started this discussion as a thought experiment, not as the 
final word.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
