[Operators] Fwd: [jdev] TLS Everywhere

Peter Saint-Andre stpeter at stpeter.im
Mon Oct 28 19:52:12 UTC 2013


On 10/28/13 1:41 PM, Jesse Thompson wrote:
> Are there more details?  Specifically, does "hop-by-hop encryption
> using SSL/TLS" require strong association between a domain name and
> an XML stream as described in draft-ietf-xmpp-dna-04?

We, as a community, need to figure out what we can do.

Realistically, I think we need to prefer authenticated encryption via
PKI, POSH, or DNSSEC/DANE and fall back to opportunistic encryption
via TLS + dialback.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



