[Operators] XMPP Security Talk to IAB

Marco Cirillo maranda at lightwitch.org
Fri Aug 29 10:45:12 UTC 2014

The main challenge, at least here, regards communicating with "silos" 
like Google/Google Apps domains and webex hosted domains (cisco.com 
etc). And since my users demanded that with high voice irregardless of 
security I had in the end to (add code to) allow exceptions to grant s2s 
communication with those services.


Il 29/08/2014 10:54, Dave Cridland ha scritto:
> Folks,
> I really need your help.
> I've been asked to give a talk next Wednesday to the Internet 
> Architecture Board - the senior panel of the IETF - about the changes 
> we made to encryption on the XMPP network.
> When I say "I've been asked", I quite clearly mean "They asked lots of 
> more sensible people first but they all said no" - and I'm very much 
> aware I'm acting as a mouthpiece for the community here.
> Thijs Alkemade, who maintains the awesome xmpppoke software that 
> powers the IM Observatory on xmpp.net <http://xmpp.net>, has given me 
> bucket-loads of beautifully graphed data, so I've got the "hard" facts 
> I need to build a story out of. But hard facts only take us some of 
> the way.
> I'm interested in highlighting why operators chose to enable 
> encryption, make it mandatory, and other security choices. Stories of 
> the challenges you guys faced, and what compromises you felt forced to 
> make, and so on are also going to be very interesting to the audience. 
> Human factors in your choices are just as interesting as technical 
> ones - a lot of what we do is around people communicating, so impact 
> to that fundamental ability is of course important. Facts and figures 
> are welcome if you have them, anecdotes are good either way.
> The IAB is mostly interested in opportunistic encryption - self-signed 
> certificates etc - but I'd like to talk about the challenges that CAs 
> introduce, and discuss DNSSEC, DANE, POSH, PFS, and so on, too.
> In many respects, I'm hoping that this is a chance for the XMPP 
> community to really influence the future strategy of security on the 
> Internet - we've clearly managed a huge amount in a very short time, 
> and we're substantially more advanced in many ways than other communities.
> I'll end this as I begun - I *really* need your help, so please either 
> send me a mail at dave at cridland.net <mailto:dave at cridland.net> or 
> reply to this with your comments.
> Dave.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140829/bb793db0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4299 bytes
Desc: Firma crittografica S/MIME
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140829/bb793db0/attachment.bin>

More information about the Operators mailing list