[jdev] Heml.is and federation..
stpeter at stpeter.im
Fri Jul 12 21:01:28 UTC 2013
On 7/12/13 2:21 PM, Kevin Smith wrote:
> On Fri, Jul 12, 2013 at 9:16 PM, Peter Saint-Andre
> <stpeter at stpeter.im> wrote:
>> In general, XMPP server implementations don't perform proper (RFC
>> 6125 / RFC 6120) certificate checking and don't have an option to
>> refuse connections from domains that lack proper certificates.
> I thought we found in our S2S TLS interop tests a couple of years
> ago that servers generally /did/ have the options for doing secure
> S2S (with one or two exceptions), it's just that they don't get
> enabled in typical deployments.
> There is certainly a problem here, but it doesn't seem to me it's
> that code hasn't been written.
In the main I think you're right, although I'm not positive that all
servers perform all of the checks mentioned in RFC 6120:
But the real problems seem to be in deployments, not implementations.