[jdev] Heml.is and federation..

Peter Saint-Andre stpeter at stpeter.im
Fri Jul 12 21:06:29 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 7/12/13 2:30 PM, Matt Miller wrote:
> 
> On Jul 12, 2013, at 2:21 PM, Kevin Smith <kevin at kismith.co.uk>
> wrote:
> 
>> On Fri, Jul 12, 2013 at 9:16 PM, Peter Saint-Andre
>> <stpeter at stpeter.im> wrote:
>>> In general, XMPP server implementations don't perform proper
>>> (RFC 6125 / RFC 6120) certificate checking and don't have an
>>> option to refuse connections from domains that lack proper
>>> certificates.
>> 
>> I thought we found in our S2S TLS interop tests a couple of years
>> ago that servers generally /did/ have the options for doing
>> secure S2S (with one or two exceptions), it's just that they
>> don't get enabled in typical deployments.
>> 
>> There is certainly a problem here, but it doesn't seem to me it's
>> that code hasn't been written.
>> 
> 
> The implementation most likely can handle it, the deployments might
> not be as successful.  This is especially for true for multi-tenant
> servers, where getting RFC 6125 certificates can be nigh on
> impossible.

Thus POSH. :-)

http://datatracker.ietf.org/doc/draft-miller-posh/

Really it's a crime that we don't have ubiquitous s2s and e2e
encryption by now, but I suppose in fairness to us these are hard
problems...

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJR4G/VAAoJEOoGpJErxa2p0twP/RC6h29JO799R8BIM7DbDlVi
kliXNsWJScSVcejztjCSzqA/gEJFqzIDqxVHp5jdxC1KWxd0yrX1CmFERr7f+xje
KKU6vNmf1CG4g314Ycu8ACjwNX0GQuR0/+4jno8aa/aMDq4QFoah7CGg+8Vm/V9y
/l1G34CzqYDuOvI6ojPw1MgjujYyCP3dPQ14L4R55EtQX3fJhgsSBonclVmeol/p
nR3ZTH/C0OwCSa6IjBLuqhxVnwvsRT6fQNE76gcObw9GcyBy8Ds3bZ5ildPAo0a8
fYI27wrdzx+x3IUkndExkgSIIYLpb8KekSp+M1fkcCqs771qUJY4h+vFWOVCtYm8
ZrTphnRdcFtWbbWU+i1QQKW/cbIre0k0QiP+XM0VXWv8XN+5XZKdjpobdjrMDbP5
fkXLU/J8kRDJaIMZHRlVTvgzmkcZwc77k5tvr4H3mAm1w2WaRNGl7LBojJGdIeG/
upjHAM40q6LnK5L2jgr+yIcX3Q6VleGMzWvERl2XjN494zNRuIJHNs5X7xo+8rbD
Ehu6v6Gg6vz05hQSr79ut7221F/MR6wKW7UxKSO6jtq74zcNBUL4HdnEae+sV4mw
1ALtH+vojOZZ4mNOB4s+2kUsZ0DOfJu8duAN65F3m4HgO7yZSn/YNEEKxnYTLKYi
OmTzKBpbthIhNBDNP2lr
=lcuC
-----END PGP SIGNATURE-----


More information about the JDev mailing list