[Operators] Gmail federation

Kevin Smith kevin at kismith.co.uk
Fri Jan 11 16:40:07 UTC 2013


On Fri, Jan 11, 2013 at 3:45 PM, Marco Cirillo <maranda at lightwitch.org> wrote:
> I'd like to also point out, expecially how STARTTLS is handled xmpp wise,
> that you can't know what gets implemented and what doesn't explicitly as
> long as you don't have the software, it's code or the implemented thing
> reaches "the wire" or worse, getting into a world of pointless assumptions.

And that's fine. The point is that if you're providing XMPP software,
you must support it - I can't go and buy an XMPP server implementation
from someone and it not have TLS support. Deploying without TLS is
acceptable from the protocol point of view, this doesn't make you
non-compliant. So in cases where the implementation is the deployment,
like Google's, there's no practical foul from a compliance PoV to them
not enabling/coding TLS.

Which isn't to say that we wouldn't like them to support TLS, or
indeed that they wouldn't like to support TLS.

/K


More information about the Operators mailing list