[Members] [prosody-users] Re: [buddycloud-dev] Some thoughts on buddycloud security / enforcing SSL server to server in Prosody

Philipp Hancke fippo at goodadvice.pages.de
Wed Aug 21 18:37:16 UTC 2013


Am 21.08.2013 17:15, schrieb Kim Alvefur:
> On 2013-08-21 16:30, Simon Tennant wrote:
>> We're well overdue a SEX (Security and Encryption in XMPP) day where all
>> major XMPP operators disable s2s and c2s cleartext connections. This would
>> be similar to the ipv6 day last year. The aim being to get all major sites
>> switched over in one go.
>
> Let's do this! :)
>
> Perhaps, like the IPv6 day before the IPv6 Launch Day, we run it for
> just one day at first.

I'm ok with C2S, but I'd love to know how much breaks on s2s first. 
Basically what I did back in 2007 at 
http://mail.jabber.org/pipermail/standards/2007-July/016086.html

I suppose we actually need some POSH deployment before we can 
realistically enforce this.

But telling people that their cert is broken is quite possible now. As 
long as Peter tells them that 'but it works with jabber.org' is not an 
argument ;-)


More information about the Members mailing list