[Operators] Future of XMPP Re: The Google issue
thijs at xnyhps.nl
Tue Dec 3 22:35:39 UTC 2013
On 3 dec. 2013, at 22:56, Jesse Thompson <jesse.thompson at doit.wisc.edu> wrote:
> On 12/3/2013 11:24 AM, Peter Saint-Andre wrote:
>> We need POSH for authenticated encryption. If people think that
>> unauthenticated encryption is good enough for some purposes, then they
>> don't need POSH or DANE/DNSSEC. Personally I'd prefer authenticated
>> encryption, so I still think that POSH is useful in the short to
>> medium term and DANE/DNSSEC is useful in the long term.
> Maybe this was already said, but it's a little unclear.
> So, it's OK that my domains score an "F" for failing the "authenticated encryption" related tests at the IM Observatory? Having an "F" does not mean that we will be cut off from the network on the test days?
From the manifesto:
o prefer authenticated encryption (via digital certificates) for
server-to-server connections; if authenticated encryption is not
available, fall back to opportunistic encryption with identity
verification using Server Dialback
So if you do not provide a way for other servers to authenticate you properly, you should keep dialback support enabled.
Of course there might be servers that want to enable encryption *and* secure authentication, but that would be beyond what the manifesto calls for.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Operators