[jdev] Securing XMPP
Olle E. Johansson
oej at edvina.net
Thu Aug 29 06:45:38 UTC 2013
29 aug 2013 kl. 03:27 skrev Peter Saint-Andre <stpeter at stpeter.im>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 8/28/13 12:42 PM, Olle E. Johansson wrote:
>> 28 aug 2013 kl. 18:33 skrev Peter Saint-Andre
>> <stpeter at stpeter.im>:
>>> DANE/DNSSEC is great for that, or will be when it is more
>>> generally available, but IMHO we might need to wait *years* for
>>> that to happen.
>> Peter, If you keep repeating this statement it will become true...
> I don't think stpeter is that powerful. ;-)
>> I don't think we're talking so many years here, but it all depends
>> on which TLD you're using. In Sweden we've had DNSsec support in
>> .SE for many years, we have patches for OpenSSL for DANE and are
>> starting to look at code.
> And our friends in .jp don't even have DNS SRV support yet!
>> I think you should modify this statement that one might need to
>> wait years for DANE/DNSsec to be implemented in all TLDs.
> It's not just the registrars -- it's the resolvers, the nameservers,
> the operating systems, the application software, the clients, the
> servers, the distros, etc. There are a lot of moving parts involved.
Well, when OpenSSL has this by default and a new release of Linux
is released with that version of OpenSSL a lot of apps will support
this automagically. And a few more people understanding then SSL proxy
- what it is and does - things will move fast.
But I do acknowledge that things take time. That should not stop
us early movers and shakers from pushing forward...
> Just my centigram of silver. ;-)
Oh dear, that's metric!
> - --
> Peter Saint-Andre
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> -----END PGP SIGNATURE-----
More information about the JDev