[Juser] JUser Digest, Vol 61, Issue 1

Peter Saint-Andre stpeter at stpeter.im
Tue Oct 7 07:02:17 CDT 2008

Anton Starikov wrote:
> On Friday 03 October 2008 20:00:02 juser-request at jabber.org wrote:
>> Beginning tonight and running for one week, the jabber.org IM service
>> will require encryption when you connect your client to the server.
> how can you do that?!

We can do that because we run the server. :)

> the biggest standalone jabber server... not to mention google's and LJ's
> conducting experiments on unsuspecting clients. not all of them read mailing 
> lists or visit website in case of problems.
> This experiment is irresponsibility at work!

The server admins think it's irresponsibility at work to continue
allowing unencrypted connections so that anyone can eavesdrop on your
conversations. We've had SSL since 1999 and TLS upgrade since 2004. It's
time for client developers to support that as the default. This one-week
experiment is a forcing function.

> No offense, but i'm so glad i switched to another jabber server when you guys 
> got instability problems on your "super super bunker double piped stable 
> server" :-/
> i'm disappointed

I'm disappointed that so many users care so little about security.

I agree that we could have communicated more clearly, but remember that
we don't have email addresses on file for our users. Next time we try
this, we'll send out a message broadcast a week or two before the test.


Peter Saint-Andre

More information about the JUser mailing list