[jdev] Heml.is and federation..

Matt Miller linuxwolf at outer-planes.net
Fri Jul 12 20:30:35 UTC 2013


On Jul 12, 2013, at 2:21 PM, Kevin Smith <kevin at kismith.co.uk> wrote:

> On Fri, Jul 12, 2013 at 9:16 PM, Peter Saint-Andre <stpeter at stpeter.im> wrote:
>> In general, XMPP server
>> implementations don't perform proper (RFC 6125 / RFC 6120) certificate
>> checking and don't have an option to refuse connections from domains
>> that lack proper certificates.
> 
> I thought we found in our S2S TLS interop tests a couple of years ago
> that servers generally /did/ have the options for doing secure S2S
> (with one or two exceptions), it's just that they don't get enabled in
> typical deployments.
> 
> There is certainly a problem here, but it doesn't seem to me it's that
> code hasn't been written.
> 

The implementation most likely can handle it, the deployments might not be as successful.  This is especially true for multi-tenant servers, where getting RFC 6125 certificates can be nigh on impossible.


- m&m

Matthew A. Miller
< http://goo.gl/LK55L >
