[Operators] Fwd: [jdev] TLS Everywhere
Peter Saint-Andre
stpeter at stpeter.im
Tue Oct 29 17:46:41 UTC 2013
On 10/29/13 11:40 AM, Jesse Thompson wrote:
> On 10/28/2013 2:52 PM, Peter Saint-Andre wrote:
>> On 10/28/13 1:41 PM, Jesse Thompson wrote:
>>> Are there more details? Specifically, does "hop-by-hop
>>> encryption using SSL/TLS" require strong association between a
>>> domain name and an XML stream as described in
>>> draft-ietf-xmpp-dna-04?
>>
>> We, as a community, need to figure out what we can do.
>>
>> Realistically, I think we need to prefer authenticated encryption
>> via PKI, POSH, or DNSSEC/DANE and fall back to opportunistic
>> encryption via TLS + dialback.
>
> So, the presumption is that servers which aren't capable of at
> least TLS+dialback will be cut off?

Yes.

Now, this is a proposal, not an ultimatum. We, as a community, need to
come to a decision about whether this is a reasonable course of
action. However, I do think we owe it to the users of our services to
provide a higher level of security.

Peter

--
Peter Saint-Andre
https://stpeter.im/