[Operators] Fwd: [jdev] TLS Everywhere
jesse.thompson at doit.wisc.edu
Tue Oct 29 18:36:55 UTC 2013
On 10/29/2013 1:25 PM, Dave Cridland wrote:
> On Tue, Oct 29, 2013 at 6:17 PM, Jonas Wielicki
> In fact, most of my s2s is already TLS (although I don't require it).
> The only exceptions are google+talk and (weirdly) ddg.im
> <http://ddg.im> (duckduckgo).
> I've already raised that issue to their attention, no fix yet, as far
> as I know.
> By TLS, is that including proper authentication?
Is dialback "proper authentication"?
I doubt that POSH or DNSSEC/DANE are very widely available, and relying
on PKI is plagued with name mismatches for hosting providers as well as
lack of CA root certs in trust chains.
More information about the Operators