[Operators] XMPP Security Talk to IAB

Dave Cridland dave at cridland.net
Mon Sep 1 10:52:22 UTC 2014


On 31 August 2014 22:28, Evgeny Khramtsov <xramtsov at gmail.com> wrote:

> Sun, 31 Aug 2014 22:35:07 +0200
> Jonas Wielicki <xmpp-operators at sotecware.net> wrote:
>
>
> > I left the c2s-encryption-required switch in place (there would have been
> > out-of-band measures to reach me if that had been a problem)
>
> A year ago I did some experiment on a medium size server (150,000 users
> online in peak). I modified ejabberd so it added starttls <required/>
> tag without actually requiring it, i.e. ignoring this tag by a client
> was OK. The results were bad: about 20% of clients were ignoring it.
> Mostly some versions of QIP (which is the most popular XMPP client in
> Russia).
>

That's interesting - that's people simply ignoring <starttls/> entirely,
I'd assume.

Do you have the actual figures to hand? That'd be interested data to
include. It's interesting for two reasons, actually - firstly, it's
interesting to show that some 20% of clients in some areas don't support
TLS at all, and secondly it's interesting to show that people in the
community do this kind of research.

Incidentally, I'm gathering the names of people who're helping me, here,
and will, of course, have a "credits" slide for those helping write the
presentation.

The presentation will be online, eventually, but I hate putting slides etc
up before I've done the talk.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140901/88809bf4/attachment.html>


More information about the Operators mailing list