[Operators] server reputation

Peter Saint-Andre stpeter at stpeter.im
Tue Apr 22 14:07:07 CDT 2008

Greg Hudson wrote:
> On Tue, 2008-04-22 at 09:18 -0600, Peter Saint-Andre wrote:
>>> From the start, Jabber has had "dialback" which is roughly equivalent to
>>> SPF, and makes it difficult (requires DNS spoofing) to impersonate
>>> another domain using s2s.  There is also a drive to make more servers
>>> use properly verified TLS for s2s connections, which is roughly
>>> equivalent to domain keys and would make it even harder to impersonate
>>> another domain using s2s.
>> Hi Greg, could you expand on what you mean by "properly identified"? In
>> the terms of XEP-0238, do you mean "encrypted federation" (i.e., TLS +
>> dialback but potentially with self-signed certificates) or "trusted
>> federation" (TLS + SASL EXTERNAL with certificates issued by common roots)?
> I was referring to trusted federation, but since the "drive" I'm
> referring to is xmpp.net's CA service, you would be better qualified to
> speak to this point than I would.

We also have a drive to deploy ubiquitous TLS + dialback (which might be
with self-signed certs) by January 4, 2009 (the 10th anniversary of the
original jabberd release). At least that would get us to encrypted
federation. Ubiquitous trusted federation (using CA-issued certs) would
happen after that.

> I was just trying to explain how the situation for XMPP is better than
> the situation for email.  Even if we never reach the point of ubiquitous
> trusted federation, dialback alone probably makes it economically
> infeasible to impersonate domains when spamming.

So we hope. :)


Peter Saint-Andre
