[Operators] Fwd: [jdev] TLS Everywhere

Jesse Thompson jesse.thompson at doit.wisc.edu
Tue Oct 29 17:40:18 UTC 2013


On 10/28/2013 2:52 PM, Peter Saint-Andre wrote:
> On 10/28/13 1:41 PM, Jesse Thompson wrote:
>> Are there more details?  Specifically, does "hop-by-hop encryption
>> using SSL/TLS" require strong association between a domain name and
>> an XML stream as described in draft-ietf-xmpp-dna-04?
>
> We, as a community, need to figure out what we can do.
>
> Realistically, I think we need to prefer authenticated encryption via
> PKI, POSH, or DNSSEC/DANE and fall back to opportunistic encryption
> via TLS + dialback.

So, the presumption is that servers which aren't capable of at least 
TLS+dialback will be cut off?

Jesse


More information about the Operators mailing list