[Operators] Fwd: [jdev] TLS Everywhere

Jesse Thompson jesse.thompson at doit.wisc.edu
Tue Oct 29 18:36:55 UTC 2013


On 10/29/2013 1:25 PM, Dave Cridland wrote:
> On Tue, Oct 29, 2013 at 6:17 PM, Jonas Wielicki
>     In fact, most of my s2s is already TLS (although I don't require it).
>     The only exceptions are google+talk and (weirdly) ddg.im
>     (duckduckgo).
>     I've already raised that issue to their attention[1], no fix yet, as far
>     as I know.
>
>
> By TLS, is that including proper authentication?

Is dialback "proper authentication"?

I doubt that POSH or DNSSEC/DANE are very widely available, and relying 
on PKI is plagued with name mismatches for hosting providers as well as 
lack of CA root certs in trust chains.

Jesse

