[jadmin] trusted federation
oliver_bril at hotmail.com
Fri Jan 18 03:51:17 CST 2008
I work for a very
large company and we sell these kind of services (mail , relay, xmpp etc).
Because we sell these services to customers we have the rule that everything
needs to be secured with certificates or vpn's. But it is not always easy ,
there are hundreds of ways we have to create our certificates, I cannot always
convert one certificate format into another (like I had to do when I implemented
a load balancer). So if you want to make everything secure with valid
certificates you have make sure the procedure for requesting/implementing these
certificates is very easy and that the certificates will be free. We use
verisign certificates and they are not cheap.
I think it still
needs to be a choice people make. Normally when I want to take a look at a
program I install it very basic (so without certificates) and test it. If I like
it I'll go on. I think there is a possibility that you will loose some people if
you force them to use certificates.
What if you do the
following things to make people aware it would be a very good idea to take a
look at securing things:
1. write a statement
to the log files every hour that the server is not secured and that this can be
done for free.
2. if someone
doesn't secure its server sent a message to the admin account every
This prevents that
you loose people but perhaps they get annoyed by these messages and will secure
> Date: Fri, 18 Jan 2008 09:51:25 +0100
> From: s.devrieze at pandora.be
> To: jadmin at jabber.org
> Subject: Re: [jadmin] trusted federation
> 2008/1/18, Peter Saint-Andre <stpeter at stpeter.im>:
> > I have posted some thoughts on upgrading the Jabber network to
> > encrypted-only s2s here:
> > https://stpeter.im/?p=2136
> > Flames are welcome. :)
> I think there is a much better way to move the XMPP network to
> encrypted-only s2s: write a protocol extension for end-to-end
> encryption that can accurately detect if also the s2s connection is
> secured (and it may not be possible to fake this). Then get this XEP
> implemented in the codebases of lots of clients, libs, and servers. In
> this way it will be the users that will request this feature. So,
> instead of pushing this, it will be pulling.
> Mvg, Sander Devrieze.
> JAdmin mailing list
> JAdmin at jabber.org
> FAQ: http://www.jabber.org/about/jadminfaq.shtml
Express yourself instantly with MSN Messenger! Download today it's FREE!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the JAdmin