[Operators] IM Observatory @ xmpp.net
thijs at xnyhps.nl
Wed Oct 30 09:22:12 UTC 2013
On 30 okt. 2013, at 06:55, Phil Pennock <xmpp-operators+phil at spodhuis.org> wrote:
> Signed PGP part
> On 2013-10-29 at 17:20 -0600, Peter Saint-Andre wrote:
> > In case you missed it during all the TLS discussion, we've repurposed
> > xmpp.net to function as an "IM Observatory". This makes it easy to
> > figure out whether your service offers a high level of security. Just
> > visit https://xmpp.net/ and type your domain name into the "test a
> > server" box on the homepage (note that you can check both c2s and s2s,
> > with the default being c2s).
> > And don't worry, the server list is still there, although it's less
> > prominent on the site.
> > Many, many thanks to Thijs Alkemade (who is also the project lead on
> > the Adium client) for all his work on this new service.
> Looks cool. Is there an intention to support TLSA+DNSSEC providing a
> trust anchor to override the automatic F grade for having an untrusted
> CA cert? If so, is there anything I can do to help? (Beyond "Sure,
> send as many probes as you want at my server during dev/testing to
> refine this feature", which I hereby grant permission for.)
In my opinion, “trusted” should not mean “can xmpp.net make a connection it
trusts” but rather “can (most) end users make a connection without certificate
warnings”. Currently, I’m not aware of any client supporting DANE. (This also
covers my opinion on CAcert.)
Of course, this is only my own opinion. :) The test should be useful for the
community, so if the consensus is that DANE’s trust anchor assertions should
be allowed for showing up as trusted, then I’m willing to change that.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Operators