[Operators] Post-google TLS on s2s connections

[Jonas Wielicki]

Hi all,

It's been discussend and I'm keen to find out about authenticated and
encrypted s2s.

So I wonder what, if any, the current “standards” or suggestions on this
one are. I'm a fan of CACert, and I'd like to stick for that. How's the
reputation of CACert in the XMPP community? I believe I read somewhere
that hardly anyone really does validation of the s2s-TLS-connection if
one is used at all?

To boil it down: What would I need as a server operator to have the
optimal setup for s2s TLS?

If there are no standards yet here (although I guess there are some,
based on the behaviour of current implementations), I think we shall
discuss this, with the major blocker “Google Federation” out of the way.

regards,
Jonas

ps.: hopefully this mail will not dupe, I think I used the wrong sender
address on my previous attempt