[Operators] Fwd: [jdev] TLS Everywhere

Peter Saint-Andre stpeter at stpeter.im
Tue Oct 29 17:55:05 UTC 2013


On 10/29/13 11:43 AM, Philipp Hancke wrote:
> On 29.10.2013 18:40, Jesse Thompson wrote:
>> On 10/28/2013 2:52 PM, Peter Saint-Andre wrote:
>>> On 10/28/13 1:41 PM, Jesse Thompson wrote:
>>>> Are there more details?  Specifically, does "hop-by-hop
>>>> encryption using SSL/TLS" require strong association between
>>>> a domain name and an XML stream as described in
>>>> draft-ietf-xmpp-dna-04?
>>> 
>>> We, as a community, need to figure out what we can do.
>>> 
>>> Realistically, I think we need to prefer authenticated
>>> encryption via PKI, POSH, or DNSSEC/DANE and fall back to
>>> opportunistic encryption via TLS + dialback.
>> 
>> So, the presumption is that servers which aren't capable of at
>> least TLS+dialback will be cut off?
> 
> Yes. That means gtalk and google apps. But google made the first
> move in breaking that.

Well, it is *possible* that the Talk team will decide to put some
investment into server-to-server security and thus join the encrypted
XMPP network (most likely requiring support for POSH or DNSSEC).
Naturally we'd all welcome that, but IMHO we need to move forward even
without Google Talk and their hosted XMPP services on board.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



