[Operators] Gmail federation

Marco Cirillo maranda at lightwitch.org
Fri Jan 11 13:05:21 UTC 2013


On 11/01/2013 13:56, David Banes wrote:
> You're correct but I don't see how any organisation can justify using plain text communications for their client facing infrastructure in 2013.
>
> The simple fact is TLS/SSL should be in use anywhere a business carries a client's data.
>
> David
>
> http://zerp.ly/dbanes
> xmpp: david at jabber.org
> Mobile: +44 (0)782 5138 214
>
>
> On 11/01/2013, at 12:52 PM, Marco Cirillo <maranda at lightwitch.org> wrote:
>
>> Just read a bit of the discussion, and at the very least I'm not sure "surprising" is the correct adjective in terms of GTalk not supporting encryption on s2s streams, it's been known for years.
>>
>> It could be "inconvenient" at the very least.
>>
>> And Philippe:
>>
>> Section 5.2 - RFC 6120
>>
>> << Support for STARTTLS is REQUIRED in XMPP client and server implementations. An administrator of a given deployment MAY specify that TLS is mandatory-to-negotiate for client-to-server communication, server-to-server communication, or both. An initiating entity SHOULD use TLS to secure its stream with the receiving entity before proceeding with SASL authentication. >>
>>
>
(just noticed the typo on your name Philipp sorry)

David, I don't think I'm justifying anything here.

I just pointed out that it's been like this since 2006, which is when it was
implemented; perhaps it can't be "surprising". I also stated it's rather an
inconvenience and that it's not compliant with the current RFC, which
requires TLS support on s2s streams (which can hardly be interpreted as
"we do support but not deploy it").

Marco.
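
Added example, not part of the original message or of any server's code: a sketch of how an initiating server could apply the RFC 6120 section 5.2 rule quoted above to a peer's `<stream:features/>`, given a local "TLS is mandatory for s2s" policy. The function names, return labels and sample stanzas are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample: a peer that advertises only dialback, no STARTTLS.
PLAINTEXT_PEER = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
    "<dialback xmlns='urn:xmpp:features:dialback'/>"
    "</stream:features>"
)
# Constructed sample: a peer that offers STARTTLS and marks it required.
TLS_REQUIRED_PEER = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
    "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"
    "</stream:features>"
)
# Constructed sample: a peer that offers STARTTLS as optional.
TLS_OPTIONAL_PEER = TLS_REQUIRED_PEER.replace("<required/>", "")


def tls_offer(features_xml):
    """Classify the STARTTLS offer: 'absent', 'offered' or 'required'."""
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("not a stream:features element")
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    if starttls is None:
        return "absent"
    if starttls.find(f"{{{NS_TLS}}}required") is not None:
        return "required"
    return "offered"


def next_step(features_xml, tls_mandatory):
    """Decide what the initiating entity does before SASL or dialback.

    tls_mandatory is the local administrator's policy (hypothetical flag).
    """
    if tls_offer(features_xml) != "absent":
        # SHOULD use TLS whenever the receiving entity offers it.
        return "starttls"
    # No offer: a mandatory-TLS deployment cannot federate with this peer.
    return "abort" if tls_mandatory else "continue-unencrypted"


if __name__ == "__main__":
    for name, xml in [("plaintext", PLAINTEXT_PEER),
                      ("required", TLS_REQUIRED_PEER),
                      ("optional", TLS_OPTIONAL_PEER)]:
        print(name, tls_offer(xml), next_step(xml, tls_mandatory=True))
```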

