[Operators] server reputation

Greg Hudson ghudson at MIT.EDU
Tue Apr 22 10:39:09 CDT 2008

On Tue, 2008-04-22 at 09:18 -0600, Peter Saint-Andre wrote:
> > From the start, Jabber has had "dialback" which is roughly equivalent to
> > SPF, and makes it difficult (requires DNS spoofing) to impersonate
> > another domain using s2s.  There is also a drive to make more servers
> > use properly verified TLS for s2s connections, which is roughly
> > equivalent to domain keys and would make it even harder to impersonate
> > another domain using s2s.

> Hi Greg, could you expand on what you mean by "properly identified"? In
> the terms of XEP-0238, do you mean "encrypted federation" (i.e., TLS +
> dialback but potentially with self-signed certificates) or "trusted
> federation" (TLS + SASL EXTERNAL with certificates issued by common roots)?

I was referring to trusted federation, but since the "drive" I'm
referring to is xmpp.net's CA service, you would be better qualified to
speak to this point than I would.

I was just trying to explain how the situation for XMPP is better than
the situation for email.  Even if we never reach the point of ubiquitous
trusted federation, dialback alone probably makes it economically
infeasible to impersonate domains when spamming.

