[jdev] Heml.is and federation..

Matthew Wild mwild1 at gmail.com
Fri Jul 12 23:34:29 UTC 2013


On 12 July 2013 22:06, Peter Saint-Andre <stpeter at stpeter.im> wrote:
> Really it's a crime that we don't have ubiquitous s2s and e2e
> encryption by now

As you may know, we thought very seriously about making the default
behaviour for the next release of Prosody to require trusted and valid
certificates on all s2s connections. Ultimately we decided against it,
for now. But I remain optimistic that we shall do so in a future
version (perhaps after making a POSH verification module available).

> but I suppose in fairness to us these are hard
> problems...

Name another protocol as widespread as XMPP that has solved them so far...? :)

At least I think we're on the right track, but with things like this I
think it takes baby-steps. We have come a long way; many clients and
servers require encryption on c2s now, which simply wasn't true a few
years ago.

Regards,
Matthew

PS. Anecdotal, but currently on my server:

40 "secure" incoming s2s connections (trusted+valid certificate)
37 encrypted with invalid/self-signed certificates
10 not encrypted at all

3 of the unencrypted connections are from the personal servers of
prominent members of the XMPP community (you [hopefully] know who you
are). A further 2 are domains I'm responsible for (and a server
upgrade is already scheduled to fix them); the remaining ones are
gmail.com and Google-hosted domains.

