[Operators] Gmail federation

Claudiu Curcă claudiu at coderollers.com
Fri Jan 11 12:29:09 UTC 2013


> From: operators-bounces at xmpp.org [mailto:operators-bounces at xmpp.org] On
Behalf Of Björn Kempén
> Sent: vineri, 11 ianuarie 2013 13:14
> To: Mathias Ertl
> Cc: XMPP Operators Group
> Subject: Re: [Operators] Gmail federation
>
> We do not currently support TLS on our s2s connections, so that's
currently not expected to work.

Hello all,

The lack of support for TLS on gmail.com side (which to be frank, is
surprising, to say the least) is giving a lot of headaches, especially for
admins who wish to enforce secure S2S comms.
I was trying to overcome that problem by "tunneling" connections towards
gmail.com via stunnel[1], so that outgoing connections would "look" secured
to my XMPP server. However, I gave up when I realized that there's no way to
make this work the other way around (as incoming connections would still be
unsecured and thus rejected).

Bjorn, considering internal confidentiality policies and all that jazz,
could you please at least tell us what's holding Google back from enabling
TLS on gmail.com S2S interface? We know that it works for c2s connections,
so I find it hard to understand the lack on s2s connections.

[1] https://www.stunnel.org/index.html

Best regards,
Claudiu





More information about the Operators mailing list