[Operators] Gmail federation

David Banes david at banes.org
Fri Jan 11 12:56:26 UTC 2013


You're correct but I don't see how any organisation can justify using plain text communications for their client facing infrastructure in 2013.

The simple fact is TLS/SSL should be in use anywhere a business carries a clients data. 

David

http://zerp.ly/dbanes
xmpp: david at jabber.org
Mobile: +44 (0)782 5138 214


On 11/01/2013, at 12:52 PM, Marco Cirillo <maranda at lightwitch.org> wrote:

> Just read a bit of the discussion, and at the very least I'm not sure "surprising" is the correct adjective in terms of GTalk not supporting encryption on s2s streams, it's known from years.
> 
> It could be "inconvenient" at the very least.
> 
> And Philippe:
> 
> Section 5.2 - RFC 6120
> 
> << Support for STARTTLS is REQUIRED in XMPP client and server implementations. An administrator of a given deployment MAY specify that TLS is mandatory-to-negotiate for client-to-server communication, server-to-server communication, or both. An initiating entity SHOULD use TLS to secure its stream with the receiving entity before proceeding with SASL authentication. >>
> 
> 
> 
> 
> 




More information about the Operators mailing list