[Operators] debian.org XMPP - using DANE / TLSA?

Dave Cridland dave at cridland.net
Wed Oct 28 21:57:00 UTC 2015


On 28 October 2015 at 21:32, Daniel Pocock <daniel at pocock.pro> wrote:

>
>
> We are just reviewing the final configuration before announcing
> debian.org XMPP
>
>
That's great news.


> Can anybody comment on DANE / TLSA?  Should we only talk to servers
> supporting this?
>
>
Last time I looked, only around 10% of servers supported DNSSEC, let alone
DANE. I think, given that the RFC has only *just* been published, that
mandating DANE is premature.

Requiring servers to use TLS is entirely practical, requiring them to have
certificates signed by a CA you trust is also reasonable.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20151028/877ec8cc/attachment.html>


More information about the Operators mailing list