[Operators] Please enable Forward Secrecy for your servers!

Mike Barnes mike at bremensaki.com
Mon Oct 5 01:04:29 UTC 2015


What we need to be doing is putting information about the quality of
encryption used in a conversation in front of the users, and letting
them make informed decisions, instead of fracturing the network
invisibly.

Is there any defined mechanism to do this? Users are accustomed to the
little padlock icons on web URLs, can XMPP client software easily
implement something like this or will it need server extensions to
report back? As a temporary measure, could the server send a direct
message to a user alerting them if the encryption on a connection they
initiate falls below a desired threshold?

Inform the users, don't cut them off from their contacts and leave
them no path to even tell them why.

On 4 October 2015 at 22:53, Vincent Lauton <vince at darkness.su> wrote:
> At least gmail, can't say I've blocked the others but I already can't
> communicate without forward secrecy.
>
> 13:52, 4 October 2015, Vincent Lauton <vince at darkness.su>:
>
> Actually I do...
>
> 10:31, 4 October 2015, Evgeny Khramtsov <xramtsov at gmail.com>:
>
> Sat, 03 Oct 2015 13:40:17 +0200
> Vincent Lauton <vince at darkness.su> wrote:
>
>
>  Also I meant I'll block servers that don't support any forward
>  secrecy suites
>
>
> Great idea, LOL. Do you have gmail.com and all its hosted domains
> blocked already? They don't have any "secrecy" at all.
>
>
>
> --
> Sent from Yandex.Mail for mobile
>
>
>
> --
> Sent from Yandex.Mail for mobile
