[Operators] TLS to large hosting sites

Dave Cridland dave at cridland.net
Fri Apr 13 08:03:25 UTC 2012


On Fri Apr 13 08:06:29 2012, Björn Kempén wrote:
> I can confirm that s2s to gmail does not allow tls.

On this note, I'd point out that DANE - a technique for overriding or  
constraining the certificates used in TLS via DNS - is currently in  
last call at the IETF:

http://www.ietf.org/mail-archive/web/ietf-announce/current/msg10138.html

The lower-level amongst us might want to look into it, and see  
whether it'll help address the problems of using authenticated TLS in  
sites hosting many domains.

A lot of us anticipate it may prove a core building block of the  
"new" federation work we're doing in XMPP, both at the XSF and the  
IETF.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade


More information about the Operators mailing list