[jdev] Heml.is and federation..

Kevin Smith kevin at kismith.co.uk
Fri Jul 12 20:21:38 UTC 2013


On Fri, Jul 12, 2013 at 9:16 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> In general, XMPP server
> implementations don't perform proper (RFC 6125 / RFC 6120) certificate
> checking and don't have an option to refuse connections from domains
> that lack proper certificates.

I thought we found in our S2S TLS interop tests a couple of years ago
that servers generally /did/ have the options for doing secure S2S
(with one or two exceptions), it's just that they don't get enabled in
typical deployments.

There is certainly a problem here, but it doesn't seem to me it's that
code hasn't been written.

/K


More information about the JDev mailing list