[Operators] Security Test Day - feedback needed!

Peter Saint-Andre stpeter at stpeter.im
Mon Jan 6 03:32:59 UTC 2014



On 01/05/2014 03:41 PM, Marco Cirillo wrote:
> On 05/01/2014 20:13, Mike Taylor wrote:
> So a lot of us flipped the "encryption required" flag for our
> Server-to-Server connections yesterday, how did it go? For myself it
> went very well, but I also tend to only communicate to other XMPP
> folks :)
> 
> I would love to hear from operators and normal users about any
> results or issues that were seen or heard about.
> 
> Thanks!
> 
> It singled out a lot of big services here:
> 
> - cisco.com and all webex jabber hosted services

We'll need POSH to include those for authenticated encryption. I'll
check into these further.

> - google talk and all google apps xmpp hosted domains (and it's
> more than you think...)

As mentioned, those are supposed to support unauthenticated encryption
(TLS + Dialback) before May 19th.

> - All servers which run Openfire even if they support TLS, they
> seem to trample on authentication steps when they open a stream to
> a server which presents both SASL and DB

It would be good to know more about what's happening here so that we
can ping Guus about it.

> - All servers which (seemingly) are pre-1.0 (even those who don't
> properly tag their stream headers)

Hopefully there aren't *too* many of those around anymore, since 1.0
was defined in 2004.

> And besides this had some not so nice encounters with very buggy
> jabberd2 servers which started to loop attempting to re-establish a
> connection (very fast besides) when the server closed down their
> streams.

I'll post to the jabberd2 list about that. Do we know what version of
jabberd2 was involved?

Other scenarios I'm curious about:

- domains hosted at GMX, DreamHost, Flosoft, i-pobox.net, etc.
- Office365 deployments
- Lotus SameTime deployments

Peter
