[jdev] Heml.is and federation..
linuxwolf at outer-planes.net
Fri Jul 12 20:30:35 UTC 2013
On Jul 12, 2013, at 2:21 PM, Kevin Smith <kevin at kismith.co.uk> wrote:
> On Fri, Jul 12, 2013 at 9:16 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
>> In general, XMPP server
>> implementations don't perform proper (RFC 6125 / RFC 6120) certificate
>> checking and don't have an option to refuse connections from domains
>> that lack proper certificates.
> I thought we found in our S2S TLS interop tests a couple of years ago
> that servers generally /did/ have the options for doing secure S2S
> (with one or two exceptions), it's just that they don't get enabled in
> typical deployments.
> There is certainly a problem here, but it doesn't seem to me it's that
> code hasn't been written.
The implementation most likely can handle it, the deployments might not be as successful. This is especially for true for multi-tenant servers, where getting RFC 6125 certificates can be nigh on impossible.
Matthew A. Miller
< http://goo.gl/LK55L >
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4160 bytes
Desc: not available
More information about the JDev