[Operators] XMPP Security Talk to IAB
dave at cridland.net
Fri Aug 29 08:54:54 UTC 2014
I really need your help.
I've been asked to give a talk next Wednesday to the Internet Architecture
Board - the senior panel of the IETF - about the changes we made to
encryption on the XMPP network.
When I say "I've been asked", I quite clearly mean "They asked lots of more
sensible people first but they all said no" - and I'm very much aware I'm
acting as a mouthpiece for the community here.
Thijs Alkemade, who maintains the awesome xmpppoke software that powers the
IM Observatory on xmpp.net, has given me bucket-loads of beautifully
graphed data, so I've got the "hard" facts I need to build a story out of.
But hard facts only take us some of the way.
I'm interested in highlighting why operators chose to enable encryption,
make it mandatory, and other security choices. Stories of the challenges
you guys faced, and what compromises you felt forced to make, and so on are
also going to be very interesting to the audience. Human factors in your
choices are just as interesting as technical ones - a lot of what we do is
around people communicating, so impact to that fundamental ability is of
course important. Facts and figures are welcome if you have them, anecdotes
are good either way.
The IAB is mostly interested in opportunistic encryption - self-signed
certificates etc - but I'd like to talk about the challenges that CAs
introduce, and discuss DNSSEC, DANE, POSH, PFS, and so on, too.
In many respects, I'm hoping that this is a chance for the XMPP community
to really influence the future strategy of security on the Internet - we've
clearly managed a huge amount in a very short time, and we're substantially
more advanced in many ways than other communities.
I'll end this as I began - I *really* need your help, so please either send
me a mail at dave at cridland.net or reply to this with your comments.