[Operators] IM Observatory @ xmpp.net

Peter Saint-Andre stpeter at stpeter.im
Thu Oct 31 01:38:29 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/30/2013 03:50 PM, Phil Pennock wrote:
> On 2013-10-30 at 10:22 +0100, Thijs Alkemade wrote:
>> In my opinion, “trusted” should not mean “can xmpp.net make a
>> connection it trusts” but rather “can (most) end users make a
>> connection without certificate warnings”. Currently, I’m not
>> aware of any client supporting DANE. (This also covers my opinion
>> on CAcert.)
> 
> Reasonable, thanks.  "Trusted" might be a poor choice of words,
> given than without pinning, history shows that the CA system is
> already too vulnerable here, so relying purely upon the CA for
> _unattended_ operation s2s, where a human would not have an
> opportunity to review (unless diligently reviewing logs) may result
> in false self-assurances of integrity.
> 
> But "the perfect is the enemy of the good" and this is definitely a
> huge step forwards, as is the manifesto; so as long as this state
> is not seen as the end goal but a worthwhile step, I'm all for it.

Absolutely.

I am all in favor of DANE/DNSSEC, POSH, secure delegation, key
pinning, certificate transparency, and of course end-to-end
encryption. But we need to start somewhere, and that's what this
manifesto is all about. We might have other manifestoes in the future. ;-)

>> Of course, this is only my own opinion. :) The test should be
>> useful for the community, so if the consensus is that DANE’s
>> trust anchor assertions should be allowed for showing up as
>> trusted, then I’m willing to change that.
> 
> Probably best to just have rough consensus that once a couple of
> major clients and a couple of major servers have support, the
> relevant report mechanisms can be updated; s2s and c2s could switch
> independently.

Agreed.

> Once a couple have support, and the reporting mechanism shows that
> this is sufficient for many, it provides gentle pressure on
> everyone else that they're falling behind in not providing the
> certificate validity assurance that their users should be able to
> depend upon.

Yes. Over time we'll keep raising the bar.

Peter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJScbSVAAoJEOoGpJErxa2pw9sP/0a0Gi/mqEtyDiPnonEX2eDd
+kiKWvlMPYwXM9j30rI1S/EQ+nq/qNMc3hqtPKZmx9AGHcPAZ9rjC/1Fe5aub7dP
9wlCcchepwQPXi0PR5ghvQTu2ZCwz/LNcM1L4Dc8uP7dL3DqJcglihodAfSCscIf
AGrr0qIvHmL/UU9+DA+0TzupW1/Ar6jfv+lYfPiuPyX8ZOkvc3oJNG1p1KXm0mj1
+xPaiXB+1B1e9WvrY8M4jWXZCsc+c+ZF2vP89RRvdStM30TiL+BPwkfhFu4TKVTS
DKZ0VfNpeS61HTffdEAuD9p0GVnQgsDxRgn1BT83v1GOpud1iCNifVlr5LAbU0YQ
gJ30632ee+ULVvt59B0x/aUs6TnLaQ5ah2wGGZ6EZ+I9JeRN+Gbm6JIwdRop7KUl
i+qe8MAyU0ECaPpelYTRh6Wk4Sl624AOJs0nZ8BdJ3BayBIR7zMqfosAHuauDLmT
/1HZCOgsY90FY23jWr2THN1gyOBBGx9JENr7ra4jbH/5O4p1Gvxo1ImdMwGExioZ
tJmyklSyhELZtiTDHjiCnuCzMMkToriZUifdH2hoCyaxgmY4Kv5Zq+Ahh2JO63vF
61/poa/vo4kFzjqn/pK3xEha5dkvvIawjkz56bkulTaDgQvCk40XjchwiALbYuIr
hjIP5tMnuaaHSJ3yX88X
=vKuA
-----END PGP SIGNATURE-----


More information about the Operators mailing list