[Operators] server reputation
stpeter at stpeter.im
Tue Apr 22 14:07:07 CDT 2008
Greg Hudson wrote:
> On Tue, 2008-04-22 at 09:18 -0600, Peter Saint-Andre wrote:
>>> From the start, Jabber has had "dialback" which is roughly equivalent to
>>> SPF, and makes it difficult (requires DNS spoofing) to impersonate
>>> another domain using s2s. There is also a drive to make more servers
>>> use properly verified TLS for s2s connections, which is roughly
>>> equivalent to domain keys and would make it even harder to impersonate
>>> another domain using s2s.
>> Hi Greg, could you expand on what you mean by "properly identified"? In
>> the terms of XEP-0238, do you mean "encrypted federation" (i.e., TLS +
>> dialback but potentially with self-signed certificates) or "trusted
>> federation" (TLS + SASL EXTERNAL with certificates issued by common roots)?
> I was referring to trusted federation, but since the "drive" I'm
> referring to is xmpp.net's CA service, you would be better qualified to
> speak to this point than I would.
We also have a drive to deploy ubiquitous TLS + dialback (which might be
with self-signed certs) by January 4, 2009 (the 10th anniversary of the
original jabberd release). At least that would get us to encrypted
federation. Ubiquitous trusted federation (using CA-issued certs) would
happen after that.
> I was just trying to explain how the situation for XMPP is better than
> the situation for email. Even if we never reach the point of ubiquitous
> trusted federation, dialback alone probably makes it economically
> infeasible to impersonate domains when spamming.
So we hope. :)