[jadmin] trusted federation

oliver bril oliver_bril at hotmail.com
Fri Jan 18 03:51:17 CST 2008


 
I work for a very 
large company and we sell these kind of services (mail , relay, xmpp etc). 
Because we sell these services to customers we have the rule that everything 
needs to be secured with certificates or vpn's. But it is not always easy , 
there are hundreds of ways we have to create our certificates, I cannot always 
convert one certificate format into another (like I had to do when I implemented 
a load balancer).  So if you want to make everything secure with valid 
certificates you have make sure the procedure for requesting/implementing these 
certificates is very easy and that the certificates will be free. We use 
verisign certificates and they are not cheap. 
 
I think it still 
needs to be a choice people make. Normally when I want to take a look at a 
program I install it very basic (so without certificates) and test it. If I like 
it I'll go on. I think there is a possibility that you will loose some people if 
you force them to use certificates.
 
What if you do the 
following things to make people aware it would be a very good idea to take a 
look at securing things:
 
1. write a statement 
to the log files every hour that the server is not secured and that this can be 
done for free.
2. if someone 
doesn't secure its server sent a message to the admin account every 
hour.
 
This prevents that 
you loose people but perhaps they get annoyed by these messages and will secure 
their server.
 
Regards,
Oliver


> Date: Fri, 18 Jan 2008 09:51:25 +0100
> From: s.devrieze at pandora.be
> To: jadmin at jabber.org
> Subject: Re: [jadmin] trusted federation
> 
> 2008/1/18, Peter Saint-Andre <stpeter at stpeter.im>:
> > I have posted some thoughts on upgrading the Jabber network to
> > encrypted-only s2s here:
> >
> > https://stpeter.im/?p=2136
> >
> > Flames are welcome. :)
> 
> I think there is a much better way to move the XMPP network to
> encrypted-only s2s: write a protocol extension for end-to-end
> encryption that can accurately detect if also the s2s connection is
> secured (and it may not be possible to fake this). Then get this XEP
> implemented in the codebases of lots of clients, libs, and servers. In
> this way it will be the users that will request this feature. So,
> instead of pushing this, it will be pulling.
> 
> -- 
> Mvg, Sander Devrieze.
> _______________________________________________
> JAdmin mailing list
> JAdmin at jabber.org
> http://mail.jabber.org/mailman/listinfo/jadmin
> FAQ: http://www.jabber.org/about/jadminfaq.shtml
> _______________________________________________

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jadmin/attachments/20080118/da25de51/attachment-0003.htm>


More information about the JAdmin mailing list