[Operators] The Google issue
eric at no-sense.net
Fri Nov 22 08:29:10 UTC 2013
On 21-Nov-13 21:20, Solomon Peachy wrote:
> I have mixed feelings about this, because I'm the only user on my
> server, and only two folks on my roster aren't google-hosted. Frankly,
> without Google federation I might as well not bother.
I second this. Many of my users have contacts within Google and I do not
wish to break connection between them. I have surveyed a few users with
Google contacts on their roster and they all responded that they would
not be happy. All but one indicated that either security was not an
issue for them or they were using OTR and one even said he would move to
a Google account when I told him about the unsecure channel between my
server and Google..... I also talked to two users who I know are keen on
security and they indicated they already knew that communication with
Google could not be trusted and they were using OTR for all their
communications in any case.
While I am very much in favor of secure communications between all the
involved parties I think I will not participate in the January 4 event.
My opinion is that client-to-client security is the way to go. After all
no matter how tight the security, within our servers between c2s and s2s
communication is insecure by design and messages can still be
intercepted in plaintext by a malicious operator.
I know I've been stepping over the authentication part of security but
I'm trying to look at it from the user's view. They want connectivity
most of all and security is either second or done by the user using OTR
or similar techniques. I think cutting Google off would harm the XMPP
community more than it would harm Google. Therefore I'm also in favor of
communicating with Google to attempt to work things out.
My 5 cents.
More information about the Operators