[Operators] Future of XMPP Re: The Google issue

Thijs Alkemade thijs at xnyhps.nl
Tue Dec 3 22:35:39 UTC 2013


On 3 dec. 2013, at 22:56, Jesse Thompson <jesse.thompson at doit.wisc.edu> wrote:

> On 12/3/2013 11:24 AM, Peter Saint-Andre wrote:
>> We need POSH for authenticated encryption. If people think that
>> unauthenticated encryption is good enough for some purposes, then they
>> don't need POSH or DANE/DNSSEC. Personally I'd prefer authenticated
>> encryption, so I still think that POSH is useful in the short to
>> medium term and DANE/DNSSEC is useful in the long term.
> 
> Maybe this was already said, but it's a little unclear.
> 
> So, it's OK that my domains score an "F" for failing the "authenticated encryption" related tests at the IM Observatory?  Having an "F" does not mean that we will be cut off from the network on the test days?
> 
> Jesse

From the manifesto:

o prefer authenticated encryption (via digital certificates) for 
  server-to-server connections; if authenticated encryption is not
  available, fall back to opportunistic encryption with identity
  verification using Server Dialback

So if you do not provide a way for other servers to authenticate you properly, you should keep dialback support enabled.

Of course there might be servers that want to enable encryption *and* secure authentication, but that would be beyond what the manifesto calls for.

Thijs