[Operators] Fwd: [jdev] TLS Everywhere

kdex kdex at kdex.de
Mon Oct 28 08:37:45 UTC 2013


In response to your email subject: Does this include abandoning the 
'legacy SSL' encryption option and finally switching over to TLS only? 
I'm not sure why we still have a choice there; isn't legacy SSL more 
unsecure?


On 10/28/2013 04:24 AM, Peter Saint-Andre wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> FYI
>
>
> - -------- Original Message --------
> Subject: [jdev] TLS Everywhere
> Date: Sun, 27 Oct 2013 21:23:08 -0600
> From: Peter Saint-Andre <stpeter at stpeter.im>
> Reply-To: Jabber/XMPP software development list <jdev at jabber.org>
> To: jdev at jabber.org
>
> Almost 15 years have passed since my friend Jeremie Miller released
> the initial version of the jabberd IM server, launching the Jabber
> open-source community and the technology we know today as XMPP. Yet,
> all that time, hop-by-hop encryption using SSL/TLS has been optional
> on the XMPP network. A number of server operators and software
> developers in the XMPP community have decided that needs to change for
> the better. Based on discussions at the XMPP Summit last week in
> Portland, Oregon, I have drafted a plan for upgrading the XMPP network
> to always-on, mandatory, ubiquitous encryption. You can find it here:
>
> https://github.com/stpeter/manifesto
>
> In short: we owe it to those who use XMPP technologies to improve the
> security of the network (and thanks to Thijs Alkemade, we now have
> better ways to test such security, using the newly-launched "IM
> Observatory" at xmpp.net). Although we know that channel encryption is
> not the complete answer, it's the right thing to do because it will
> help to protect people's communications from prying eyes.
>
> If you or your organization develop XMPP-compatible software or run a
> service that's connected to the XMPP network, I encourage you to sign
> the statement by following the instructions in the README at the URL
> shown above.
>
> Thanks!
>
> Peter
> _______________________________________________
> JDev mailing list
> Info: http://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
> _______________________________________________
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJSbdjUAAoJEOoGpJErxa2pduIP/3Zfk2I5vY/2eXGcRuDiEgux
> h0o92bYfN70U3hv838JxBGFsxHLQRCY6NhNHwIeXKiARpagyVAfDT+xT4UEmEvI2
> YMfnxM/1cTCAcwUlT7MivYPaZwyt9DMVLuZdhjari5W6lUvMdmZ5Fwb9GReUQpTk
> w278rnMyG+fxoeewHR9iM8mCi+r7qJiLI3m9zYAzoXQROTzYdKYtBsBQA/+vO2Uk
> PiMKY2I+nRrAup/RvUBOMWtGS3mG5GIr94tgBCi0aYd+TJQ0JOZnNONfaif6Oe8Z
> sNRqjIB7UvIyNuY3+UuN4hRARRfkjwppMw2cRD/14m7nFuXbTxENjPU9iL4h8GM4
> J/g1QqbLHJuAVgtyvdYNnKFlPrx0eNE6EWxGAM0YicPrRJwd7uBHNj2ayLjHCHcT
> stctfneBmp2an6vx0UXTgYtYMxnNbJfWlpYz9bAaHn5iffoPEC9MVPfMZiM834nd
> DDj7tnG07azT8NDc8r4awp43Yei9K/zGSYa0CRKUIlHB4bDNSQa1MoTKFQlsZNKn
> mpFl0YuPKTmkxz5enp1geDGQcaQrdH9qeihqymOZaMyjXbSU9l2z3YSEoBxJ1oPa
> 7gFefwahd6wN0uptQxuIp6yqVTPV7xwToFFlVk7V4RnGqI1I8k8iJSpYwrM3UjVH
> 8evixpDLJEzSahK9u5hP
> =95mP
> -----END PGP SIGNATURE-----



More information about the Operators mailing list