[Operators] XMPP Security Talk to IAB
dave at cridland.net
Fri Aug 29 12:28:02 UTC 2014
On 29 August 2014 11:45, Marco Cirillo <maranda at lightwitch.org> wrote:
> The main challenge, at least here, regards communicating with "silos"
> like Google/Google Apps domains and webex hosted domains (cisco.com etc).
> And since my users demanded that with high voice irregardless of security I
> had in the end to (add code to) allow exceptions to grant s2s communication
> with those services.
That's an excellent point, actually, and one I hadn't addressed in this
note - some implementations have had to gain new features in order to
handle the security landscape changing. I know Prosody, too, has developed
a mechanism for whitelisting domains, so deployments can relax requirements
for Google et al.
> On 29/08/2014 10:54, Dave Cridland wrote:
> I really need your help.
> I've been asked to give a talk next Wednesday to the Internet
> Architecture Board - the senior panel of the IETF - about the changes we
> made to encryption on the XMPP network.
> When I say "I've been asked", I quite clearly mean "They asked lots of
> more sensible people first but they all said no" - and I'm very much aware
> I'm acting as a mouthpiece for the community here.
> Thijs Alkemade, who maintains the awesome xmpppoke software that powers
> the IM Observatory on xmpp.net, has given me bucket-loads of beautifully
> graphed data, so I've got the "hard" facts I need to build a story out of.
> But hard facts only take us some of the way.
> I'm interested in highlighting why operators chose to enable encryption,
> make it mandatory, and other security choices. Stories of the challenges
> you guys faced, and what compromises you felt forced to make, and so on are
> also going to be very interesting to the audience. Human factors in your
> choices are just as interesting as technical ones - a lot of what we do is
> around people communicating, so impact to that fundamental ability is of
> course important. Facts and figures are welcome if you have them, anecdotes
> are good either way.
> The IAB is mostly interested in opportunistic encryption - self-signed
> certificates etc - but I'd like to talk about the challenges that CAs
> introduce, and discuss DNSSEC, DANE, POSH, PFS, and so on, too.
> In many respects, I'm hoping that this is a chance for the XMPP
> community to really influence the future strategy of security on the
> Internet - we've clearly managed a huge amount in a very short time, and
> we're substantially more advanced in many ways than other communities.
> I'll end this as I began - I *really* need your help, so please either
> send me a mail at dave at cridland.net or reply to this with your comments.