[jadmin] trusted federation

Mon Jan 21 07:01:37 CST 2008

Peter,

Ok you're right about the admin messages every hour , i would sent them to /dev/null after the second message :-).

So i think your statement about traffic levels reaching a certain point and then sent a message to the admin makes more sence.
This should be a nice way to inform the administrators without the risk that they will sent them to /dev/null.

Regards,
Oliver

> Date: Fri, 18 Jan 2008 08:54:11 -0700
> From: stpeter at stpeter.im
> To: jadmin at jabber.org
> Subject: Re: [jadmin] trusted federation
> 
> oliver bril wrote:
> >  
> > I work for a very large company and we sell these kind of services (mail 
> > , relay, xmpp etc). Because we sell these services to customers we have 
> > the rule that everything needs to be secured with certificates or vpn's. 
> > But it is not always easy , there are hundreds of ways we have to create 
> > our certificates, I cannot always convert one certificate format into 
> > another (like I had to do when I implemented a load balancer).  So if 
> > you want to make everything secure with valid certificates you have make 
> > sure the procedure for requesting/implementing these certificates is 
> > very easy and that the certificates will be free. We use verisign 
> > certificates and they are not cheap. 
> 
> We run an intermediate certification authority for the XMPP network and 
> it gives out free certificates:
> 
> https://www.xmpp.net/
> 
> I can't promise that the procedures are as easy as they could be, but 
> we're working on that.
> 
> > I think it still needs to be a choice people make. Normally when I want 
> > to take a look at a program I install it very basic (so without 
> > certificates) and test it. If I like it I'll go on. I think there is a 
> > possibility that you will loose some people if you force them to use 
> > certificates.
> 
> Agreed.
> 
> > What if you do the following things to make people aware it would be a 
> > very good idea to take a look at securing things:
> >  
> > 1. write a statement to the log files every hour that the server is not 
> > secured and that this can be done for free.
> 
> Nice.
> 
> > 2. if someone doesn't secure its server sent a message to the admin 
> > account every hour.
> 
> Heh that seems a bit annoying -- the admins will just send those to 
> /dev/null after a day or so. :)
> 
> > This prevents that you loose people but perhaps they get annoyed by 
> > these messages and will secure their server.
> 
> Yes we need ideas like that. I'm sure there are other ways to prod 
> admins into getting certificates. Maybe once the traffic levels reach a 
> certain point between two servers, the peer server sends a message to 
> the admins?
> 
> Peter
> 
> -- 
> Peter Saint-Andre
> https://stpeter.im/
> 

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/jadmin/attachments/20080121/51595e47/attachment.htm 