[Operators] Fwd: [jdev] TLS Everywhere
Jesse Thompson
jesse.thompson at doit.wisc.edu
Tue Oct 29 18:36:55 UTC 2013
On 10/29/2013 1:25 PM, Dave Cridland wrote:
> On Tue, Oct 29, 2013 at 6:17 PM, Jonas Wielicki
> In fact, most of my s2s is already TLS (although I don't require it).
> The only exceptions are google+talk and (weirdly) ddg.im
> <http://ddg.im> (duckduckgo).
> I've already raised that issue to their attention[1], no fix yet, as far
> as I know.
>
>
> By TLS, is that including proper authentication?

Is dialback "proper authentication"?

I doubt that POSH or DNSSEC/DANE are very widely available, and relying
on PKI is plagued with name mismatches for hosting providers as well as
lack of CA root certs in trust chains.

Jesse