[Operators] Please enable Forward Secrecy for your servers!

Tim Birkefeld mail at tim-birkefeld.de
Mon Oct 5 01:21:25 UTC 2015


+1

On Mon, 5 Oct 2015 12:04:29 +1100
Mike Barnes <mike at bremensaki.com> wrote:

> What we need to be doing is putting information about the quality of
> encryption used in a conversation in front of the users, and letting
> them make informed decisions, instead of fracturing the network
> invisibly.
> 
> Is there any defined mechanism to do this? Users are accustomed to the
> little padlock icons on web URLs, can XMPP client software easily
> implement something like this or will it need server extensions to
> report back? As a temporary measure, could the server send a direct
> message to a user alerting them if the encryption on a connection they
> initiate falls below a desired threshold?
> 
> Inform the users, don't cut them off from their contacts and leave
> them no path to even tell them why.
> 
> On 4 October 2015 at 22:53, Vincent Lauton <vince at darkness.su> wrote:
> > At least gmail, can't say I've blocked the others but I already can't
> > communicate without forward secrecy.
> >
> > 13:52, 4 October 2015, Vincent Lauton <vince at darkness.su>:
> >
> > Actually I do...
> >
> > 10:31, 4 October 2015, Evgeny Khramtsov <xramtsov at gmail.com>:
> >
> > Sat, 03 Oct 2015 13:40:17 +0200
> > Vincent Lauton <vince at darkness.su> wrote:
> >
> >
> >  Also I meant I'll block servers that don't support any forward
> >  secrecy suites
> >
> >
> > Great idea, LOL. Do you have gmail.com and all its hosted domains
> > blocked already? They don't have any "secrecy" at all.
> >
> >
> >
> > --
> > Sent from Yandex.Mail for mobile
> >
> >
> >
> > --
> > Sent from Yandex.Mail for mobile


-- 
Tim Birkefeld <mail at tim-birkefeld.de>

