[Operators] Fwd: [jdev] TLS Everywhere

Philipp Hancke fippo at goodadvice.pages.de
Tue Oct 29 17:43:14 UTC 2013


On 29.10.2013 18:40, Jesse Thompson wrote:
> On 10/28/2013 2:52 PM, Peter Saint-Andre wrote:
>> On 10/28/13 1:41 PM, Jesse Thompson wrote:
>>> Are there more details?  Specifically, does "hop-by-hop encryption
>>> using SSL/TLS" require strong association between a domain name and
>>> an XML stream as described in draft-ietf-xmpp-dna-04?
>>
>> We, as a community, need to figure out what we can do.
>>
>> Realistically, I think we need to prefer authenticated encryption via
>> PKI, POSH, or DNSSEC/DANE and fall back to opportunistic encryption
>> via TLS + dialback.
>
> So, the presumption is that servers which aren't capable of at least
> TLS+dialback will be cut off?

Yes. That means gtalk and google apps. But google made the first move in 
breaking that.


